Fortinet security patch release for CVE-2025-58034
Security Patch Release
Summary
Fortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw that can allow arbitrary code execution. The affected FortiWeb versions were updated to fixed releases, and the issue was reported as actively exploited in the wild. The patch release is part of a broader Fortinet update bundle covering multiple products and 17 vulnerabilities. The same update cycle also addressed CVE-2025-64446, another FortiWeb flaw confirmed targeted in attacks, and CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week remediation window for federal agencies.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Fortinet security patch release for CVE-2026-44277
Security Patch Release
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Google security patch release for CVE-2026-5858
Security Patch Release
First: 10.04.2026 13:44
Last: 10.04.2026 13:44
Sources 1
About this happening:
**Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...
Fortinet FortiClientEMS security update for CVE-2026-21643
Security Patch Release
First: 10.02.2026 06:38
Last: 10.02.2026 06:38
Sources 1
About this happening:
Fortinet released **security updates** for **FortiClientEMS** to fix **CVE-2026-21643**, a critical **SQL injection** flaw that could let an **unauthenticated attacker** execute a...
Timeline
19.11.2025 11:46 1 articles · 6mo ago
Fortinet confirms CVE-2025-64446 exploitation in FortiWeb
Exploitation Observed: Fortinet confirmed on November 14, 2025 that CVE-2025-64446, a critical-severity path traversal issue in FortiWeb, had been targeted in attacks, marking the second publicly disclosed FortiWeb zero-day within a week.
Sources:
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week — www.securityweek.com — 19.11.2025 11:46
19.11.2025 11:46 2 articles · 6mo ago
Fortinet releases FortiWeb patches and CISA adds CVE-2025-58034 to KEV
Mitigation Patch Update: Fortinet released patches for 17 vulnerabilities, including CVE-2025-58034, an OS command injection flaw in FortiWeb that can let authenticated attackers execute arbitrary code via crafted HTTP requests or CLI commands; the vendor patched FortiWeb versions 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12, and CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities catalog with a one-week patch window for federal agencies.
Sources:
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week — www.securityweek.com — 19.11.2025 11:46
18.11.2025 21:01 2 articles · 6mo ago
Fortinet releases FortiWeb fixes for CVE-2025-58034
Mitigation Patch Update: Fortinet released security updates for FortiWeb to fix CVE-2025-58034, an authenticated OS command injection flaw reported by Jason McFadyen of Trend Micro's Trend Research team and observed being exploited in the wild. The vulnerability can let an authenticated attacker execute unauthorized code via crafted HTTP requests or CLI commands, and Fortinet told administrators to upgrade FortiWeb 8.0.0 through 8.0.1 to 8.0.2 or above, 7.6.0 through 7.6.5 to 7.6.6 or above, 7.4.0 through 7.4.10 to 7.4.11 or above, 7.2.0 through 7.2.11 to 7.2.12 or above, and 7.0.0 through 7.0.11 to 7.0.12 or above.
Sources:
- Fortinet warns of new FortiWeb zero-day exploited in attacks — www.bleepingcomputer.com — 18.11.2025 21:01