MUST READ

Eurofiber confirms November 13 hack, data theft, and extortion attempt

 | 

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

 | 

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

 | 

DoorDash data breach exposes personal info after social engineering attack

 | 

Google fixed the seventh Chrome zero-day in 2025

 | 

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

 | 

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

 | 

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

 | 

North Korean threat actors use JSON sites to deliver malware via trojanized code

 | 

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

 | 

Five admit helping North Korea evade sanctions through IT worker schemes

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71

 | 

Security Affairs newsletter Round 550 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

 | 

Millions of sites at risk from Imunify360 critical flaw exploit

 | 

Critical FortiWeb flaw under attack, allowing complete compromise

 | 

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

 | 

Washington Post notifies 10,000 individuals affected in Oracle-linked data theft

 | 

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

Pierluigi Paganini November 19, 2025

Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting.

Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS score 6.7), which is being actively exploited in attacks in the wild. Trend Micro researcher Jason McFadyen reported the vulnerability.

The flaw is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerability. An authenticated attacker can trigger the vulnerability to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

“An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.” reads the advisory. “Fortinet has observed this to be exploited in the wild.”

Below are the affected versions:

VersionAffectedSolution
FortiWeb 8.08.0.0 through 8.0.1Upgrade to 8.0.2 or above
FortiWeb 7.67.6.0 through 7.6.5Upgrade to 7.6.6 or above
FortiWeb 7.47.4.0 through 7.4.10Upgrade to 7.4.11 or above
FortiWeb 7.27.2.0 through 7.2.11Upgrade to 7.2.12 or above
FortiWeb 7.07.0.0 through 7.0.11Upgrade to 7.0.12 or above

Recently, Fortinet addressed another FortiWeb zero-day, tracked as CVE-2025-64446 (CVSS score of 9.1), actively exploited in attacks in the wild.

The vulnerability is a relative path traversal issue in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11. An attacker can exploit the flaw to execute administrative commands on the system by sending crafted HTTP or HTTPS requests to vulnerable devices.

“A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.” reads the advisory. “Fortinet has observed this to be exploited in the wild”

The cybersecurity vendor recommends disabling HTTP/HTTPS on internet-facing interfaces until upgrading. If management access is internal only, the risk is greatly reduced.

Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities (KEV) catalog.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Fortinet)

Fortinet FortiWeb Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini November 19, 2025
Eurofiber confirms November 13 hack, data theft, and extortion attempt
Read more
Pierluigi Paganini November 18, 2025
Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Eurofiber confirms November 13 hack, data theft, and extortion attempt

Data Breach / November 19, 2025

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

Hacking / November 19, 2025

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

Data Breach / November 18, 2025

DoorDash data breach exposes personal info after social engineering attack

Data Breach / November 18, 2025

Google fixed the seventh Chrome zero-day in 2025

Hacking / November 18, 2025