Recent developments have highlighted a significant security concern involving Fortinet's FortiWeb, with two vulnerabilities being actively exploited in the wild. The first, CVE-2025-58034, is a medium-severity OS Command Injection vulnerability with a CVSS score of 6.7. This flaw allows authenticated attackers to execute unauthorized code on the system through crafted HTTP requests or CLI commands. The second, CVE-2025-64446, is a critical vulnerability with a CVSS score of 9.1, which has been silently patched by Fortinet. These vulnerabilities are being chained together to facilitate authentication bypass and command injection, posing a substantial risk to affected systems.
The vulnerabilities have been addressed in recent updates to FortiWeb, with specific versions requiring upgrades to mitigate the risks. Despite the patches, the lack of initial disclosure from Fortinet has left many defenders unprepared, highlighting the importance of timely communication in cybersecurity. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch them by November 25, 2025.
This situation underscores a broader trend in the cybersecurity landscape where attackers exploit undisclosed vulnerabilities before defenders can respond effectively. Organizations using FortiWeb should prioritize updating their systems and remain vigilant for any signs of exploitation. The incident also serves as a reminder of the critical role that transparent communication plays in maintaining robust cybersecurity defenses.
CVE-2025-58034 is an OS Command Injection vulnerability in FortiWeb that allows authenticated attackers to execute arbitrary commands on the system. This vulnerability can be exploited through crafted HTTP requests or CLI commands, potentially leading to unauthorized access and control over affected systems. The impact is significant, as it can compromise the integrity and confidentiality of data processed by FortiWeb.
CVE-2025-64446 is a critical vulnerability that facilitates authentication bypass and command injection when chained with CVE-2025-58034. This exploit chain enables unauthenticated remote code execution on vulnerable FortiWeb devices, significantly increasing the risk of data breaches and system compromise. The exploitation campaigns observed by Orange Cyberdefense highlight the active threat posed by these vulnerabilities.
The vulnerabilities primarily affect organizations using FortiWeb versions 7.0.0 through 8.0.1, with updates available to mitigate the risks. Industries relying on FortiWeb for web application security are particularly at risk, as successful exploitation can lead to severe operational disruptions and data loss.
Clients using vulnerable versions of FortiWeb may experience operational disruptions due to unauthorized access and control over their systems. This could result in data breaches, financial losses, and damage to organizational reputation. The exploitation of these vulnerabilities could also lead to non-compliance with regulatory requirements, exposing organizations to potential audits and penalties.
The lack of initial disclosure from Fortinet has exacerbated the situation, leaving many organizations unprepared for potential attacks. Clients must act swiftly to update their systems and implement additional security measures to protect against these threats.
To mitigate the risks associated with these vulnerabilities, clients should consider the following actions:
By taking these steps, organizations can reduce their exposure to these vulnerabilities and enhance their overall security posture. Continuous monitoring and timely updates are essential components of an effective cybersecurity strategy.
1898 & Co. is actively addressing the current threat landscape by offering specialized services designed to mitigate emerging threats like those affecting FortiWeb. Our team provides tailored vulnerability assessments and penetration testing services to identify and address potential security gaps in client systems.
We have updated our security protocols to incorporate the latest threat intelligence related to these vulnerabilities, ensuring our clients receive the most current guidance and support. Our collaborative efforts with industry allies and government agencies enhance our ability to provide comprehensive threat intelligence and response strategies.
Our ongoing research into emerging threats allows us to offer clients insights into potential risks and effective mitigation techniques. By leveraging our expertise and resources, we strive to support our clients in maintaining robust cybersecurity defenses against evolving threats.