Fortinet’s very bad, no good time with its FortiWeb suite of firewall products is continuing, with the second disclosure this week of an actively exploited vulnerability in the platform.
CVE-2025-58034, disclosed by FortiGuard Labs on 18 November, is a command injection vulnerability that could allow an authenticated attacker to execute malicious code via specially crafted CLI commands or HTTP requests. The vulnerability has a CVSS score of 6.7, making it of medium severity, but that hardly matters with hackers already on the case.
Fortinet said it has observed exploitation of the vulnerability in the wild, and the US Cybersecurity and Infrastructure Security Agency (CISA) has already added the vulnerability to its Known Exploited Vulnerabilities Catalog.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA said in an 18 November advisory.
The vulnerability impacts the following versions:
- 7.6.0 through 7.6.4
- 7.4.0 through 7.4.8
- 7.2.0 through 7.2.11
- 7.0.2 through 7.0.11
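For teams that need to check an appliance inventory against these ranges, the following Python helper is added here as an example; it is not Fortinet's, CISA's or the article's own code. The affected ranges are taken directly from the list above, while the function names, the sample hostnames and version strings, and the handling of a trailing `,build…` suffix are assumptions made for illustration.

```python
"""Check FortiWeb version strings against the affected ranges published for
CVE-2025-58034. The ranges are copied from the advisory text quoted in the
article; the inventory and hostnames below are constructed sample data, and
the helper names are not part of any Fortinet or CISA tool."""
import re

# (first affected, last affected), inclusive, as listed for CVE-2025-58034.
# Fixed versions are deliberately not encoded: the article does not state them.
AFFECTED_RANGES = [
    ((7, 6, 0), (7, 6, 4)),
    ((7, 4, 0), (7, 4, 8)),
    ((7, 2, 0), (7, 2, 11)),
    ((7, 0, 2), (7, 0, 11)),
]

# Assumed format: three numeric fields, optionally prefixed with 'v' and
# followed by extra text such as ',buildNNNN'.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings like '7.4.8' or 'v7.4.8,build0731'.
    Raises ValueError for anything that does not start with three numeric fields."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text):
    """True if the version falls inside any published affected range (inclusive).
    Tuple comparison gives correct ordering, so 7.2.11 > 7.2.9 as intended."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def affected_hosts(inventory):
    """inventory: iterable of (hostname, version_string).
    Returns hostnames in an affected range, plus hostnames whose version could
    not be parsed, so that bad data is surfaced rather than silently skipped."""
    hits, unknown = [], []
    for host, ver in inventory:
        try:
            if is_affected(ver):
                hits.append(host)
        except ValueError:
            unknown.append(host)
    return {"affected": sorted(hits), "unparsable": sorted(unknown)}


# Constructed sample inventory (not real hosts or real data).
SAMPLE_INVENTORY = [
    ("waf-edge-01", "7.6.4"),            # last listed 7.6.x version: affected
    ("waf-edge-02", "7.6.5"),            # above the listed 7.6.x range
    ("waf-dc-01", "v7.0.1,build0000"),   # below the first listed 7.0.x version
    ("waf-dc-02", "7.2.11"),             # last listed 7.2.x version: affected
    ("waf-lab-01", "unknown"),           # unparsable, reported separately
]

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```

A version that falls outside every listed range is only reported as "not listed"; because the article gives no fixed versions, treat the output as a prompt to consult the vendor advisory rather than as confirmation that a host is safe.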
Fortinet said it was “pleased to thank Jason McFadyen from Trend Research of Trend Micro for reporting this vulnerability under responsible disclosure”.
Earlier this week, Fortinet and CISA reported active exploitation of CVE-2025-64446, an authentication bypass vulnerability also impacting Fortinet’s FortiWeb products, after security analysts sounded the alarm on its exploitation the week before.
“Oh look at that, it’s a Thursday! And in continuing with Thursdays, the watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product,” watchTowr’s CEO, Benjamin Harris, said on 14 November.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.