Find notable cyber news and cases, enriched with sources, timelines, and signals.

FortiWeb actively exploited OS command injection (CVE-2025-58034)

Vulnerability
First reported
Last updated
Happening score
H score 40
2 unique sources, 2 articles

Summary

Hide ▲

FortiWeb users face unauthorized code execution risk after Fortinet said CVE-2025-58034 has been exploited in the wild. The flaw is an OS command injection issue that can be triggered by an authenticated attacker using crafted HTTP requests or CLI commands. Fortinet rates it 6.7 CVSS and has released fixes in FortiWeb 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12. The vulnerability matters because successful exploitation can chain authentication into execution of operating system commands on the underlying system.

Related Happenings

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score49 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
H score25 First: 20.05.2026 01:25 Last: 20.05.2026 01:25 Sources 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
H score53 First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

FortiSIEM command injection flaw (CVE-2025-25256)

Vulnerability
H score44 First: 14.01.2026 20:51 Last: 14.01.2026 20:51 Sources 1

About this happening: **CVE-2025-25256** in **Fortinet FortiSIEM** now has **public exploit code** and technical details, raising the risk of **remote, unauthenticated code or command execution** on af...

Timeline

  1. 19.11.2025 06:20 2 articles · 7mo ago

    Fortinet warns of exploited FortiWeb CVE-2025-58034

    Initial Disclosure

    Fortinet warned that CVE-2025-58034 in FortiWeb has been exploited in the wild. The medium-severity OS command injection flaw can let an authenticated attacker execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands, and Fortinet has issued fixed releases for affected FortiWeb versions.

    Show sources