Fortinet Patches Second FortiWeb Zero-Day RCE in a Week.

Fortinet has issued urgent patches for 17 vulnerabilities, including a zero-day flaw in its FortiWeb Web Application Firewall (WAF) that is currently being exploited in the wild.

Second FortiWeb Zero-Day in a Week

The newly patched vulnerability is an OS command injection issue tracked as CVE-2025-58034 (CVSS score 6.7). This medium-severity bug allows authenticated attackers to execute arbitrary code on the underlying system by submitting crafted HTTP requests or Command Line Interface (CLI) commands.

Fortinet confirmed in its advisory that it has "observed this to be exploited in the wild," though it provided no details on the nature of the attacks.

This marks the second FortiWeb zero-day disclosed by the company in less than a week. The previous flaw, CVE-2025-64446 (CVSS score 9.1), was a critical-severity path traversal issue that was also being actively targeted.

Urgent Remediation

Fortinet has resolved both exploited vulnerabilities in the following FortiWeb versions: 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12. Users are strongly urged to update their deployments immediately.
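To act on that list across a fleet, the following added example (not Fortinet's or the article's code) triages an inventory of FortiWeb versions against the fixed releases named above. It assumes that later patch releases on the same branch keep the fix and that the inventory is a simple `host,version` CSV; the hostnames and versions in the sample are constructed.

```python
import csv
import io
import re

# First fixed FortiWeb release per (major, minor) branch, as listed in the article.
FIXED_PATCH = {(8, 0): 2, (7, 6): 6, (7, 4): 11, (7, 2): 12, (7, 0): 12}

VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")

# Lower number = look at it first.
PRIORITY = {"needs-update": 0, "unparsed": 1, "check-advisory": 2, "patched": 3}


def triage(version):
    """Classify one version string against the fixed releases."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparsed"  # never treat an unreadable version as safe
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch not named in the article: status cannot be inferred from it.
        return "check-advisory"
    # Numeric compare (7.4.9 < 7.4.11); a string compare would get this wrong.
    # Assumption: later patch releases on the same branch keep the fix.
    return "patched" if patch >= fixed else "needs-update"


def report(inventory_csv):
    """Return (host, version, status) rows, most urgent first."""
    rows = [
        (r["host"], r["version"], triage(r["version"]))
        for r in csv.DictReader(io.StringIO(inventory_csv))
    ]
    return sorted(rows, key=lambda r: (PRIORITY[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,version
waf-edge-01,7.4.9
waf-edge-02,7.4.11
waf-dmz-01,8.0.2
waf-lab-01,7.10.1
waf-old-01,6.3.23
waf-dr-01,unknown
"""

if __name__ == "__main__":
    for host, version, status in report(SAMPLE):
        print(f"{host:12} {version:8} {status}")
```

Rows marked `check-advisory` or `unparsed` need a manual look at Fortinet's advisory rather than being counted as safe.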

The severity of the exploited flaws was highlighted by the US cybersecurity agency CISA, which added CVE-2025-58034 to its Known Exploited Vulnerabilities (KEV) catalog. CISA mandates that federal agencies patch flaws added to the KEV catalog within a very short window, in this case, one week.

In addition to the two zero-days, Fortinet patched 15 other vulnerabilities. These included three high-severity flaws in FortiClient Windows and FortiVoice that could also lead to arbitrary code or command execution. Fortinet has not indicated that any of these other 15 vulnerabilities are currently being exploited in the wild.
