
FortiWeb CVE-2025-58034 mitigation advisory

Advisory/Mitigation
Happening score (H score): 51
2 unique sources, 2 articles

Summary


FortiWeb operators were told to upgrade affected releases after Fortinet tied the advisory to CVE-2025-58034 and said the flaw had been exploited in the wild. The guidance covers FortiWeb 8.0.0-8.0.1, 7.6.0-7.6.5, 7.4.0-7.4.10, 7.2.0-7.2.11, and 7.0.0-7.0.11. Fortinet says the fix is to move to 8.0.2, 7.6.6, 7.4.11, 7.2.12, or 7.0.12 and above. The underlying issue is an OS command injection bug that can let an authenticated attacker run unauthorized code via crafted HTTP requests or CLI commands.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

cPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...

FortiClient EMS improper access control flaw (CVE-2026-35616)

Vulnerability
First: 05.04.2026 21:45 Last: 05.04.2026 21:45 Sources 1

About this happening: **CVE-2026-35616** is being **actively exploited** against **FortiClient Enterprise Management Server (EMS)**, putting exposed **7.4.5 and 7.4.6** deployments at risk of remote co...

Timeline

  1. 19.11.2025 06:20 2 articles · 6mo ago

    Fortinet warns on FortiWeb CVE-2025-58034

    Initial Disclosure

    Fortinet warned that CVE-2025-58034 in FortiWeb is an OS Command Injection flaw with a CVSS score of 6.7 that has been exploited in the wild, and said an authenticated attacker could execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. Fortinet identified affected FortiWeb releases 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11, with fixes in 8.0.2, 7.6.6, 7.4.11, 7.2.12, and 7.0.12 or above; Trend Micro researcher Jason McFadyen was credited under responsible disclosure.
