Fortinet security patch release for CVE-2025-58034
Security Patch Release
Summary
Fortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw that can allow arbitrary code execution. The affected FortiWeb versions were updated to fixed releases, and the issue was reported as actively exploited in the wild. The patch release is part of a broader Fortinet update bundle covering multiple products and 17 vulnerabilities. The same update cycle also addressed CVE-2025-64446, another FortiWeb flaw confirmed targeted in attacks, and CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week remediation window for federal agencies.
Related Happenings
Fortinet and Ivanti multi-product security patch release
Security Patch Release
H score: 47
First: 10.06.2026 11:50
Last: 10.06.2026 11:50
Sources: 1
About this happening:
**Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...
Latest development: 11.06.2026 09:20
Attackers are targeting Ivanti Sentry instances with CVE-2026-10520 exploitation attempts after Ivanti patched the maximum-severity OS command injection flaw in R10.5.2, R10.6.2, and R10.7.1. Shadowserver reported 19 vulnerable instances in its scans and at least 2 backdoored gateways, warning that unpatched Internet-exposed secure mobile gateways are likely compromised.
SolarWinds security patch release for CVE-2026-28318
Security Patch Release
H score: 82
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources: 1
About this happening:
SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation Wave
H score: 56
First: 28.05.2026 18:26
Last: 28.05.2026 18:26
Sources: 1
About this happening:
**CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score: 25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources: 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Fortinet security patch release for CVE-2026-44277
Security Patch Release
H score: 50
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources: 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Timeline
19.11.2025 11:46 · 1 article · 6mo ago
Fortinet confirms CVE-2025-64446 exploitation in FortiWeb
Exploitation Observed
Fortinet confirmed on November 14, 2025 that CVE-2025-64446, a critical-severity path traversal issue in FortiWeb, had been targeted in attacks, marking the second publicly disclosed FortiWeb zero-day within a week.
Sources:
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week — www.securityweek.com — 19.11.2025 11:46

19.11.2025 11:46 · 2 articles · 6mo ago
Fortinet releases FortiWeb patches and CISA adds CVE-2025-58034 to KEV
Mitigation Patch Update
Fortinet released patches for 17 vulnerabilities, including CVE-2025-58034, an OS command injection flaw in FortiWeb that can let authenticated attackers execute arbitrary code via crafted HTTP requests or CLI commands. The fixes shipped in FortiWeb versions 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12. CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week patch window for federal agencies.
Sources:
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week — www.securityweek.com — 19.11.2025 11:46

18.11.2025 21:01 · 2 articles · 6mo ago
Fortinet releases FortiWeb fixes for CVE-2025-58034
Mitigation Patch Update
Fortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw reported by Jason McFadyen of Trend Micro's Trend Research team and observed being exploited in the wild. The vulnerability can let an authenticated attacker execute unauthorized code via crafted HTTP requests or CLI commands, and Fortinet told administrators to upgrade FortiWeb 8.0.0 through 8.0.1 to 8.0.2 or above, 7.6.0 through 7.6.5 to 7.6.6 or above, 7.4.0 through 7.4.10 to 7.4.11 or above, 7.2.0 through 7.2.11 to 7.2.12 or above, and 7.0.0 through 7.0.11 to 7.0.12 or above.
Sources:
- Fortinet warns of new FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 18.11.2025 21:01