The Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical vulnerability, CVE-2025-58034, affecting Fortinet FortiWeb appliances. This vulnerability is classified as an OS command injection weakness, allowing authenticated attackers to execute unauthorized code on the system. The exploitation occurs via specially crafted HTTP requests or CLI commands that bypass security controls, potentially leading to data theft or system compromise. Organizations are urged to apply the necessary security patches immediately, as CISA has mandated that federal agencies must implement these updates by November 25, 2025. Failure to address this vulnerability could result in severe consequences, as attackers could escalate privileges and deploy malware. Given the urgency outlined in CISA’s directive, immediate action is essential for all users of Fortinet FortiWeb to mitigate risks and safeguard their systems.
👉 Pročitaj original: Cyber Security News
