Fortinet disclosed **CVE-2025-58034**, a **command injection zero-day vulnerability** in its **FortiWeb firewall products** that is being actively exploited in the wild. The flaw allows an **authenticated attacker** to execute arbitrary malicious code via crafted **CLI commands or HTTP requests**. Its **CVSS score is 6.7 (medium severity)**, but it poses significant risks because of the ongoing exploitation. The vulnerability affects multiple versions, including **7.6.0–7.6.4, 7.4.0–7.4.8, 7.2.0–7.2.11, and 7.0.2–7.0.11**. The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** added it to its **Known Exploited Vulnerabilities Catalog**, warning of **significant risks to federal enterprises**. This is the **second actively exploited FortiWeb vulnerability in a week**, following **CVE-2025-64446 (authentication bypass)**, indicating a **pattern of targeted attacks** on Fortinet’s web application firewall infrastructure. No **direct data breach or ransomware deployment** has been confirmed, but the **exploitation potential** poses severe risks, including **unauthorized system access, lateral movement, or follow-on attacks** such as data exfiltration or service disruption. Fortinet credited **Trend Micro’s Trend Research** for responsible disclosure but has not provided details on **attacker attribution or impacted organizations**.
Fortinet cybersecurity rating report: https://www.rankiteo.com/company/fortinet
"id": "FOR0562105111925",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "6/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Cyber Security',
                        'location': 'Global',
                        'name': 'Fortinet',
                        'type': 'Corporation'}],
 'attack_vector': ['Authenticated Attack',
                   'Crafted CLI Commands',
                   'Malicious HTTP Requests'],
 'customer_advisories': ['FortiGuard Labs public disclosure'],
 'date_publicly_disclosed': '2024-11-18',
 'description': 'A command injection zero-day vulnerability (CVE-2025-58034) '
                'in Fortinet’s FortiWeb firewall products is being actively '
                'exploited in the wild. The vulnerability allows an '
                'authenticated attacker to execute malicious code via crafted '
                'CLI commands or HTTP requests. It has a CVSS score of 6.7 '
                '(medium severity) but poses significant risks due to ongoing '
                'exploitation. The issue impacts versions 7.6.0–7.6.4, '
                '7.4.0–7.4.8, 7.2.0–7.2.11, and 7.0.2–7.0.11. CISA has added '
                'it to its Known Exploited Vulnerabilities Catalog.',
 'impact': {'brand_reputation_impact': ['Negative publicity due to repeated '
                                        'vulnerabilities in Fortinet products'],
            'operational_impact': ['Potential unauthorized code execution',
                                   'Risk to federal enterprise systems (per '
                                   'CISA)'],
            'systems_affected': ['FortiWeb Firewall Products (versions '
                                 '7.6.0–7.6.4, 7.4.0–7.4.8, 7.2.0–7.2.11, '
                                 '7.0.2–7.0.11)']},
 'initial_access_broker': {'entry_point': ['FortiWeb CLI', 'HTTP Requests'],
                           'high_value_targets': ['Federal enterprise systems '
                                                  '(per CISA)']},
 'investigation_status': 'Ongoing (exploitation confirmed, patches likely in '
                         'development)',
 'post_incident_analysis': {'root_causes': ['Command injection vulnerability '
                                            'in FortiWeb',
                                            'Insufficient input validation for '
                                            'CLI/HTTP requests']},
 'recommendations': ['Apply patches for FortiWeb versions 7.6.0–7.6.4, '
                     '7.4.0–7.4.8, 7.2.0–7.2.11, 7.0.2–7.0.11 once available',
                     'Monitor for signs of exploitation (e.g., unusual '
                     'CLI/HTTP requests)',
                     'Follow CISA guidance for federal enterprise mitigation'],
 'references': [{'date_accessed': '2024-11-18',
                 'source': 'FortiGuard Labs Advisory'},
                {'date_accessed': '2024-11-18',
                 'source': 'CISA Advisory (Known Exploited Vulnerabilities '
                           'Catalog)'},
                {'source': 'Cyber Daily Article by David Hollingworth'},
                {'date_accessed': '2024-11-14',
                 'source': 'watchTowr (Benjamin Harris) Tweet'}],
 'regulatory_compliance': {'regulatory_notifications': ['CISA advisory (added '
                                                        'to Known Exploited '
                                                        'Vulnerabilities '
                                                        'Catalog)']},
 'response': {'communication_strategy': ['Public advisory by FortiGuard Labs',
                                         'CISA advisory issued'],
              'remediation_measures': ['CISA added to Known Exploited '
                                       'Vulnerabilities Catalog',
                                       'Fortinet likely working on patches '
                                       '(not explicitly stated)'],
              'third_party_assistance': ['Reported by Jason McFadyen (Trend '
                                         'Micro) under responsible '
                                         'disclosure']},
 'stakeholder_advisories': ['CISA advisory for federal enterprises'],
 'title': 'Exploited Command Injection Zero-Day in Fortinet FortiWeb Firewall '
          'Products (CVE-2025-58034)',
 'type': ['Vulnerability Exploitation', 'Command Injection', 'Zero-Day'],
 'vulnerability_exploited': 'CVE-2025-58034 (Command Injection in FortiWeb)'}