Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA FortiWeb remediation order for FCEB agencies

Public Sector Action
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered U.S. federal civilian agencies to secure FortiWeb within one week after the flaw was exploited in zero-day attacks, sharply raising the urgency for federal remediation. The directive covers CVE-2025-58034, an OS command injection issue that can enable unauthorized code execution through crafted HTTP requests or CLI commands. CISA also added the flaw to its Known Exploited Vulnerabilities Catalog under BOD 22-01, setting a deadline of Tuesday, November 25th.

Related Happenings

CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server

Public Sector Action
H score35 First: 26.06.2026 22:43 Last: 26.06.2026 22:43 Sources 1

About this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

CISA BOD 26-04 three-day remediation directive

Public Sector Action
H score36 First: 24.06.2026 17:35 Last: 24.06.2026 17:35 Sources 1

About this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw

Public Sector Action
H score36 First: 16.06.2026 13:47 Last: 16.06.2026 13:47 Sources 1

About this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...

Timeline

  1. 19.11.2025 15:44 2 articles · 7mo ago

    CISA orders FortiWeb remediation for CVE-2025-58034

    Legal Policy Action Update

    CISA ordered U.S. federal civilian agencies to secure Fortinet FortiWeb against CVE-2025-58034 within one week after the flaw was used in zero-day attacks, and added the vulnerability to the Known Exploited Vulnerabilities Catalog under BOD 22-01 with a Tuesday, November 25th deadline. CVE-2025-58034 is an OS command injection issue that can allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands, and CISA also cited CVE-2025-64446 as another FortiWeb flaw under recent and ongoing exploitation.

    Show sources