Fortinet’s urgent advisory addresses CVE-2025-58034, a zero-day vulnerability found in its FortiWeb web application firewall platform. This flaw allows authenticated attackers to execute arbitrary code via crafted HTTP requests or the CLI, significantly jeopardizing device integrity. Security experts, including Jason McFadyen from Trend Micro, reported the issue, prompting Fortinet to publish mitigation steps on November 18.
The vulnerability impacts several FortiWeb versions, necessitating upgrades to patched versions to safeguard against potential exploitation. Security researchers have noted that the associated CVSSv3 score is 6.7, categorized as medium severity. However, other comparable issues have emerged, raising concerns of critical severity due to the presence of unauthenticated access vectors. Active exploitation in the wild has been reported since early October, with evidence of proof-of-concept code circulating on underground forums, leading to unauthorized account creation and network compromises. Fortinet advises immediate upgrades and management interface restrictions to mitigate the risks.
👉 Pročitaj original: Cyber Security News
