All news with #fortiweb tag

Fortinet Criticized for Silent Patching of Two Zero-Days

⚠️Fortinet has faced criticism for quietly patching two zero-day vulnerabilities in its FortiWeb WAFs before publicly disclosing them. The first, CVE-2025-64446, is rated critical (CVSS 9.4) and involves a GUI path-traversal plus an authentication-bypass flaw; the second, CVE-2025-58034 (CVSS 6.7), is an OS command injection that may allow authenticated code execution. Both fixes were included in the 8.0.2 update on October 28 and have been observed exploited in the wild, prompting calls for greater transparency and urgent patching.

CISA Orders Rapid Patching for New FortiWeb Flaw Directive

🔒 CISA has ordered U.S. federal agencies to remediate a FortiWeb OS command injection vulnerability (CVE-2025-58034) within seven days after reports of active exploitation. Fortinet warns the flaw can allow an authenticated attacker to execute unauthorized code via crafted HTTP requests or CLI commands. The agency added the issue to its Known Exploited Vulnerabilities Catalog and set a November 25 deadline under BOD 22-01. CISA cited related zero-day activity (CVE-2025-64446) and recommended expedited fixes.

Fortinet Warns: FortiWeb Command Injection CVE-2025-58034

🔔 Fortinet has issued an advisory about a newly discovered FortiWeb vulnerability, CVE-2025-58034, rated CVSS 6.7 and reported as being exploited in the wild. The flaw is an OS command injection that allows an authenticated attacker, who has gained access by other means, to execute arbitrary commands via crafted HTTP requests or CLI input. Fortinet provides version-based upgrade guidance to remediate the issue and credited a Trend Micro researcher for reporting the bug.

Fortinet warns of FortiWeb zero-day being exploited

🚨 Fortinet has released security updates to remediate a new FortiWeb zero-day tracked as CVE-2025-58034, which the vendor says is being actively exploited in the wild. The vulnerability is an authenticated OS command injection (CWE-78) that can allow an attacker to execute code via crafted HTTP requests or CLI commands without user interaction. Fortinet confirmed observed exploitation and published fixes; administrators should upgrade affected FortiWeb appliances to the patched releases as soon as possible.

Silent FortiWeb Patch Raises Alarm as Critical Flaw Exploited

🔒 Fortinet's FortiWeb appliances are affected by a critical vulnerability tracked as CVE-2025-64446 that researchers say was exploited in the wild before an official advisory. The issue chains a relative path traversal to an internal CGI backend with an HTTP_CGIINFO header authentication bypass that allows unauthenticated admin impersonation and potential remote code execution. Fortinet released fixes in multiple 7.x and 8.x maintenance updates and recommends disabling HTTP/HTTPS on internet-facing management interfaces if upgrades cannot be applied immediately.

CISA Adds Fortinet FortiWeb Command Injection CVE Advisory

⚠️ CISA has added CVE-2025-58034, a Fortinet FortiWeb OS command code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The agency recommends a reduced remediation timeframe of one week due to recent and ongoing exploitation and points to BOD 23-02 for steps to limit exposure from internet-accessible management interfaces. Although BOD 22-01 applies to Federal Civilian Executive Branch agencies, CISA strongly urges all organizations to prioritize timely remediation and vulnerability management for KEV entries.

Fortinet silently patches FortiWeb zero-day flaw in the wild

🚨 Fortinet confirmed a silent patch for a critical FortiWeb GUI path confusion zero-day (tracked as CVE-2025-64446) that is being "massively exploited in the wild." The flaw allowed unauthenticated HTTP(S) requests to execute administrative commands and create local admin accounts on internet-exposed devices. Fortinet released fixes in FortiWeb 8.0.2 (Oct 28) and later; administrators should upgrade, disable internet-facing management interfaces if they cannot update immediately, and audit logs for unauthorized accounts.

Fortinet FortiWeb Path Traversal Vulnerability Alert

⚠️ Fortinet has released an advisory for FortiWeb addressing CVE-2025-64446, a CWE-23 relative path traversal that can allow unauthenticated actors to execute administrative commands via crafted HTTP/HTTPS requests. Affected releases include multiple 7.x and 8.x versions; Fortinet provides specific upgrade targets (8.0.2+, 7.6.5+, 7.4.10+, 7.2.12+, 7.0.12+). If immediate upgrades are not possible, disable HTTP/HTTPS on internet-facing interfaces and, after remediation, review configurations and logs for unexpected modifications or unauthorized administrator accounts.

FortiWeb Path Traversal Flaw Allows Admin Account Creation

⚠️ A path traversal vulnerability in Fortinet FortiWeb appliances is being actively exploited to create local administrative users without authentication. Researchers from Defused and PwnDefend described requests targeting the /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi endpoint that inject admin accounts. Rapid7 and others confirm versions 8.0.1 and earlier are affected, while 8.0.2 is believed to contain the fix. Administrators are urged to update immediately, review logs for fwbcgi access, and search for unexpected admin accounts.