Fortinet Confirms In-the-Wild Exploitation of Critical Flaw

Fortinet has released an urgent security advisory for a critical vulnerability in its FortiWeb web application firewall (WAF), identified as CVE-2025-58034. The company has confirmed that this vulnerability is being actively exploited in the wild by threat actors.

The security flaw is a command injection vulnerability found within the management interface of the FortiWeb appliance. Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with the highest privileges.

Vulnerability Details: CVE-2025-58034

The vulnerability has been assigned a CVSS score of 9.8 out of 10.0, reflecting its critical severity. Due to the flaw residing in the management interface, an attacker can achieve complete system compromise without requiring any prior authentication.

Fortinet’s Product Security Incident Response Team (PSIRT) issued the alert, urging customers to take immediate action. The advisory states that the flaw affects multiple versions of the FortiWeb product line. The active exploitation indicates that attackers are aware of the vulnerability and are using it in ongoing attacks.

Affected Versions and Required Actions

According to the security advisory, the following FortiWeb versions are impacted by CVE-2025-58034:

FortiWeb versions 7.2.0 through 7.2.3
FortiWeb versions 7.0.0 through 7.0.8

Fortinet has released patches to address the vulnerability in the following versions:

FortiWeb versions 7.2.4 or above
FortiWeb versions 7.0.9 or above

Given the confirmed in-the-wild exploitation, administrators are strongly advised to update their FortiWeb appliances to the recommended patched versions immediately to prevent system compromise.

Source: https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.html