Fortinet security patch release for CVE-2025-58034
Security Patch Release
Summary
Hide ▲
Show ▼
Fortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw that can allow arbitrary code execution. The affected FortiWeb versions were updated to fixed releases, and the issue was reported as actively exploited in the wild. The patch release is part of a broader Fortinet update bundle covering multiple products and 17 vulnerabilities. The same update cycle also addressed CVE-2025-64446, another FortiWeb flaw confirmed targeted in attacks, and CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week remediation window for federal agencies.
Related Happenings
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector Action
H score46
First: 26.06.2026 15:31
Last: 26.06.2026 15:31
Sources 1
About this happening:
CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector ActionAbout this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch Release
H score46
First: 17.06.2026 13:09
Last: 17.06.2026 13:09
Sources 1
About this happening:
**JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
JCE Pro 2.9.99.6 patch for CVE-2026-48907
Security Patch ReleaseAbout this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseAbout this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation Wave
H score49
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation WaveAbout this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Fortinet and Ivanti multi-product security patch release
Security Patch Release
H score47
First: 10.06.2026 11:50
Last: 10.06.2026 11:50
Sources 1
About this happening:
**Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...
Fortinet and Ivanti multi-product security patch release
Security Patch ReleaseAbout this happening: **Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...
Latest development: 11.06.2026 09:20
Attackers are targeting Ivanti Sentry instances with CVE-2026-10520 exploitation attempts after Ivanti patched the maximum-severity OS command injection flaw in R10.5.2, R10.6.2, and R10.7.1. Shadowserver reported 19 vulnerable instances in its scans and at least 2 backdoored gateways, warning that unpatched Internet-exposed secure mobile gateways are likely compromised.
Timeline
-
19.11.2025 11:46 1 articles · 7mo ago
Fortinet confirms CVE-2025-64446 exploitation in FortiWeb
Exploitation ObservedFortinet confirmed on November 14, 2025 that CVE-2025-64446, a critical-severity path traversal issue in FortiWeb, had been targeted in attacks, marking the second publicly disclosed FortiWeb zero-day within a week.
Show sources
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week — www.securityweek.com — 19.11.2025 11:46
-
19.11.2025 11:46 2 articles · 7mo ago
Fortinet releases FortiWeb patches and CISA adds CVE-2025-58034 to KEV
Mitigation Patch UpdateFortinet released patches for 17 vulnerabilities, including CVE-2025-58034, an OS command injection flaw in FortiWeb that can let authenticated attackers execute arbitrary code via crafted HTTP requests or CLI commands; the vendor patched FortiWeb versions 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12, and CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week patch window for federal agencies.
Show sources
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week — www.securityweek.com — 19.11.2025 11:46
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week — www.securityweek.com — 19.11.2025 11:46
-
18.11.2025 21:01 2 articles · 7mo ago
Fortinet releases FortiWeb fixes for CVE-2025-58034
Mitigation Patch UpdateFortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw reported by Jason McFadyen of Trend Micro's Trend Research team and observed being exploited in the wild. The vulnerability can let an authenticated attacker execute unauthorized code via crafted HTTP requests or CLI commands, and Fortinet told administrators to upgrade FortiWeb 8.0.0 through 8.0.1 to 8.0.2 or above, 7.6.0 through 7.6.5 to 7.6.6 or above, 7.4.0 through 7.4.10 to 7.4.11 or above, 7.2.0 through 7.2.11 to 7.2.12 or above, and 7.0.0 through 7.0.11 to 7.0.12 or above.
Show sources
- Fortinet warns of new FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 18.11.2025 21:01
- Fortinet warns of new FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 18.11.2025 21:01