Critical Vulnerabilities in Fortinet FortiWeb Actively Exploited

Critical Vulnerabilities in Fortinet FortiWeb Actively Exploited

First seen 1 Dec 2025, 15:41 UTC CisaSecurityaffairs.CoCyberdaily.AuBleepingcomputerCybersecuritynews+31 63% similarity 33.1

Article Content

Browse articles
ThreatCluster

Fortinet's FortiWeb web application firewall has been compromised by two critical vulnerabilities, CVE-2025-64446 and CVE-2025-58034, both of which are under active exploitation. The first vulnerability allows unauthenticated attackers to execute administrative commands, while the second enables authenticated attackers to perform OS command injection. CISA has issued urgent advisories for affected organizations to patch their systems promptly.

ThreatCluster AI

Community

Browse all →