Find notable cyber news and cases, enriched with sources, timelines, and signals.

FortiWeb CVE-2025-58034 mitigation advisory

Advisory/Mitigation
First reported
Last updated
Happening score
H score 48
2 unique sources, 2 articles

Summary

Hide ▲

FortiWeb operators were told to upgrade affected releases after Fortinet tied the advisory to CVE-2025-58034 and said the flaw had been exploited in the wild. The guidance covers FortiWeb 8.0.0-8.0.1, 7.6.0-7.6.5, 7.4.0-7.4.10, 7.2.0-7.2.11, and 7.0.0-7.0.11. Fortinet says the fix is to move to 8.0.2, 7.6.6, 7.4.11, 7.2.12, or 7.0.12 and above. The underlying issue is an OS command injection bug that can let an authenticated attacker run unauthorized code via crafted HTTP requests or CLI commands.

Related Happenings

Fortinet security patch release for CVE-2026-39813

Security Patch Release
H score41 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score49 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

Fortinet and Ivanti multi-product security patch release

Security Patch Release
H score47 First: 10.06.2026 11:50 Last: 10.06.2026 11:50 Sources 1

About this happening: **Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...

Latest development: 11.06.2026 09:20

Attackers are targeting Ivanti Sentry instances with CVE-2026-10520 exploitation attempts after Ivanti patched the maximum-severity OS command injection flaw in R10.5.2, R10.6.2, and R10.7.1. Shadowserver reported 19 vulnerable instances in its scans and at least 2 backdoored gateways, warning that unpatched Internet-exposed secure mobile gateways are likely compromised.

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
H score39 First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Timeline

  1. 19.11.2025 06:20 2 articles · 7mo ago

    Fortinet warns on FortiWeb CVE-2025-58034

    Initial Disclosure

    Fortinet warned that CVE-2025-58034 in FortiWeb is an OS Command Injection flaw with a CVSS score of 6.7 that has been exploited in the wild, and said an authenticated attacker could execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. Fortinet identified affected FortiWeb releases 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11, with fixes in 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12 or above; Trend Micro researcher Jason McFadyen was credited under responsible disclosure.

    Show sources