Fortinet admits it found another worrying zero-day being exploited in attacks
techradar.com
- Fortinet patched FortiWeb flaw CVE-2025-58034, an OS command injection vulnerability
- Vulnerable versions span 7.0.0–7.0.11, 7.2.0–7.2.11, 7.4.0–7.4.10, 7.6.0–7.6.5, 8.0.0–8.0.1
- Actively exploited in the wild, with ~2,000 attack attempts already detected
Fortinet has issued an urgent patch for a high-severity vulnerability in FortiWeb which is apparently being abused in the wild.
FortiWeb is the company’s dedicated web application firewall (WAF), usually installed in front of a website or API and designed to filter out malicious traffic.
In a security advisory, Fortinet said Jason McFadyen of Trend Micro’s Trend Research found and disclosed an improper neutralization of special elements used in an OS command flaw, also known as ‘OS Command Injection’. This bug, now tracked as CVE-2025-58034, allows unauthenticated threat actors to execute unauthorized code ...
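The affected version ranges listed above are the piece of this story a defender acts on first. The following triage helper is an added example, not code from the article, Fortinet or Trend Micro: it parses FortiWeb version strings from a constructed asset inventory and reports which builds fall inside the ranges the article lists for CVE-2025-58034. The article does not state the fixed versions, so the check only answers "is this build inside a listed affected range"; the inventory hostnames and version strings are made up for illustration.

```python
import re

# Affected ranges as listed in the article (inclusive on both ends).
# Fixed versions are not stated there, so nothing here claims a build is patched.
AFFECTED_RANGES = [
    ((7, 0, 0), (7, 0, 11)),
    ((7, 2, 0), (7, 2, 11)),
    ((7, 4, 0), (7, 4, 10)),
    ((7, 6, 0), (7, 6, 5)),
    ((8, 0, 0), (8, 0, 1)),
]


def parse_version(text):
    """Extract the first x.y.z triple from a version string as a tuple of ints.

    Accepts bare '7.4.10', 'v7.4.10', or longer banner-style strings such as
    'FortiWeb-VM v7.4.10,build0000' (the latter is a constructed format, not a
    quote of real product output).
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """Return True when the version lies inside any listed affected range."""
    ver = parse_version(version) if isinstance(version, str) else tuple(version)
    # Tuple comparison is lexicographic, so (7, 4, 10) <= (7, 4, 11) works as expected.
    return any(low <= ver <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map (hostname, version_string) pairs to (hostname, parsed_version, affected).

    Unparseable entries are reported with affected=None so they are not silently
    treated as safe.
    """
    results = []
    for hostname, version_string in inventory:
        try:
            ver = parse_version(version_string)
            results.append((hostname, ver, is_affected(ver)))
        except ValueError:
            results.append((hostname, None, None))
    return results


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("waf-edge-01.example.internal", "FortiWeb-VM v7.4.10,build0000"),
    ("waf-edge-02.example.internal", "v7.4.11"),
    ("waf-legacy.example.internal", "6.4.3"),
    ("waf-new.example.internal", "8.0.1"),
    ("waf-unknown.example.internal", "unknown"),
]

if __name__ == "__main__":
    for hostname, ver, affected in triage(SAMPLE_INVENTORY):
        label = {True: "AFFECTED", False: "outside listed ranges", None: "UNPARSEABLE"}[affected]
        shown = ".".join(map(str, ver)) if ver else "?"
        print(f"{hostname:32} {shown:8} {label}")
```

Feed it the output of whatever asset inventory lists your FortiWeb builds; anything reported as AFFECTED or UNPARSEABLE needs a manual look, since a build outside the listed ranges is not the same as a build confirmed patched.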
Copyright of this story solely belongs to techradar.com.

