Fortinet Issues Urgent Security Update for Exploited Zero-Day Vulnerability

Fortinet has issued a security advisory regarding a newly identified zero-day vulnerability in its FortiWeb web application firewall, designated as CVE-2025-58034. This vulnerability is currently being exploited in attacks, prompting the company to release critical updates aimed at mitigating the associated risks. The flaw allows authenticated threat actors to execute arbitrary code through an OS command injection, which can be carried out with low complexity and without requiring user interaction.

The vulnerability was reported by Jason McFadyen of Trend Micro’s Trend Research team. Fortinet described the issue as “an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78].” According to the company’s advisory, attackers can leverage crafted HTTP requests or command-line interface (CLI) commands to execute unauthorized code on the affected systems.

To safeguard against these threats, system administrators are urged to upgrade their FortiWeb devices to the latest software released on the same day as the advisory. This proactive measure is crucial, as Fortinet has confirmed that the vulnerability is being actively exploited in the wild.

Recent Exploits and Security Measures

This announcement comes on the heels of another zero-day vulnerability, CVE-2025-64446, which Fortinet patched on October 28, 2023. This earlier flaw was also noted for its significant exploitation potential, with attackers reportedly using HTTP POST requests to create new admin-level accounts on devices exposed to the Internet. The Cybersecurity and Infrastructure Security Agency (CISA) has since added CVE-2025-64446 to its list of actively exploited vulnerabilities, mandating that U.S. federal agencies secure their systems by November 21, 2023.

In light of these incidents, security experts have raised concerns about the frequency with which Fortinet vulnerabilities are targeted. Earlier this year, in August 2023, the company addressed another command injection vulnerability, CVE-2025-25256, within its FortiSIEM security monitoring solution. This patch was issued promptly following a report from cybersecurity firm GreyNoise, which highlighted a surge in brute-force attacks aimed at Fortinet’s SSL VPNs.

Fortinet’s products have been linked to various cyber espionage and ransomware campaigns, reinforcing the importance of timely updates and vigilant security practices. In February 2023, the company revealed that the Chinese hacking collective known as Volt Typhoon exploited two flaws in FortiOS SSL VPNs—CVE-2022-42475 and CVE-2023-27997—to infiltrate a military network associated with the Dutch Ministry of Defence. This incident involved the deployment of a custom remote access trojan (RAT) known as Coathanger.

As cyber threats continue to evolve, organizations using Fortinet products are advised to remain proactive in applying security updates to safeguard their systems against emerging vulnerabilities. The rapid pace of these developments underscores the necessity for a strong security posture in an increasingly interconnected digital landscape.