Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet has disclosed a critical OS command injection flaw (CVE-2025-58034) in FortiWeb, exploited in the wild with a CVSS score of 6.7. Attackers can execute arbitrary code after authenticating via crafted HTTP requests or CLI commands.

Why This Matters

The vulnerability highlights a gap between ideal security practices and real-world vendor responses. While Fortinet patched the flaw, it did so without public disclosure, leaving defenders unaware of the risk. This delay enables attackers to exploit the vulnerability before patches are applied, increasing the attack surface. Rapid7 noted that chaining CVE-2025-58034 with another recently patched flaw (CVE-2025-64446) allows unauthenticated remote code execution, amplifying the threat.

Key Insights

• “CVE-2025-58034 (CVSS 6.7) exploited in the wild, 2025”: [The Hacker News, 2025-11-19]
• “Chaining CVE-2025-58034 with CVE-2025-64446 enables authentication bypass”: [Rapid7, 2025-11-19]
• “CISA mandates patching by November 25, 2025”: [CISA KEV Catalog, 2025-11-19]

Practical Applications

• Use Case: Federal agencies must patch FortiWeb by November 25, 2025, per CISA mandates.
• Pitfall: Silent patching without disclosure leaves organizations vulnerable to zero-day exploitation.

References:

• https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.html