Find notable cyber news and cases, enriched with sources, timelines, and signals.

Fortinet security patch release for CVE-2025-58034

Security Patch Release
First reported
Last updated
Happening score
H score 41
2 unique sources, 2 articles

Summary

Hide ▲

Fortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw that can allow arbitrary code execution. The affected FortiWeb versions were updated to fixed releases, and the issue was reported as actively exploited in the wild. The patch release is part of a broader Fortinet update bundle covering multiple products and 17 vulnerabilities. The same update cycle also addressed CVE-2025-64446, another FortiWeb flaw confirmed targeted in attacks, and CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week remediation window for federal agencies.

Related Happenings

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

JCE Pro 2.9.99.6 patch for CVE-2026-48907

Security Patch Release
H score46 First: 17.06.2026 13:09 Last: 17.06.2026 13:09 Sources 1

About this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...

Fortinet security patch release for CVE-2026-39813

Security Patch Release
H score41 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score49 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

Fortinet and Ivanti multi-product security patch release

Security Patch Release
H score47 First: 10.06.2026 11:50 Last: 10.06.2026 11:50 Sources 1

About this happening: **Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...

Latest development: 11.06.2026 09:20

Attackers are targeting Ivanti Sentry instances with CVE-2026-10520 exploitation attempts after Ivanti patched the maximum-severity OS command injection flaw in R10.5.2, R10.6.2, and R10.7.1. Shadowserver reported 19 vulnerable instances in its scans and at least 2 backdoored gateways, warning that unpatched Internet-exposed secure mobile gateways are likely compromised.

Timeline

  1. 19.11.2025 11:46 1 articles · 7mo ago

    Fortinet confirms CVE-2025-64446 exploitation in FortiWeb

    Exploitation Observed

    Fortinet confirmed on November 14, 2025 that CVE-2025-64446, a critical-severity path traversal issue in FortiWeb, had been targeted in attacks, marking the second publicly disclosed FortiWeb zero-day within a week.

    Show sources
  2. 19.11.2025 11:46 2 articles · 7mo ago

    Fortinet releases FortiWeb patches and CISA adds CVE-2025-58034 to KEV

    Mitigation Patch Update

    Fortinet released patches for 17 vulnerabilities, including CVE-2025-58034, an OS command injection flaw in FortiWeb that can let authenticated attackers execute arbitrary code via crafted HTTP requests or CLI commands; the vendor patched FortiWeb versions 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12, and CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week patch window for federal agencies.

    Show sources
  3. 18.11.2025 21:01 2 articles · 7mo ago

    Fortinet releases FortiWeb fixes for CVE-2025-58034

    Mitigation Patch Update

    Fortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw reported by Jason McFadyen of Trend Micro's Trend Research team and observed being exploited in the wild. The vulnerability can let an authenticated attacker execute unauthorized code via crafted HTTP requests or CLI commands, and Fortinet told administrators to upgrade FortiWeb 8.0.0 through 8.0.1 to 8.0.2 or above, 7.6.0 through 7.6.5 to 7.6.6 or above, 7.4.0 through 7.4.10 to 7.4.11 or above, 7.2.0 through 7.2.11 to 7.2.12 or above, and 7.0.0 through 7.0.11 to 7.0.12 or above.

    Show sources