Fortinet is once again under fire after the discovery of a second zero-day vulnerability in FortiWeb within a week. The security company released an update to fix the problem.
The Register has already reported on the vulnerability. The vulnerability, registered as CVE-2025-58034, allows logged-in attackers to execute their own code on the device via manipulated HTTP requests or CLI commands. An upgrade to the latest FortiWeb version is necessary to eliminate the risk.
According to Fortinet, the flaw is being actively exploited. Researchers at Trend Micro report that they have now observed thousands of attempts by attackers to exploit the vulnerability. The US cyber watchdog CISA added the leak to the list of known, actively exploited vulnerabilities. Government agencies have one week to patch their systems. This is shorter than the usual deadlines for serious security issues.
FortiWeb vulnerabilities reinforce each other
Fortinet did not share any further details about who is behind the attacks. The company has not reported how widespread the abuse is. However, the question remains whether this new flaw is related to another leak in FortiWeb. That earlier vulnerability, CVE-2025-64446, makes it possible to bypass authentication and execute commands on the system without login credentials. That problem was also exploited by attackers before a patch was available.
Security researchers see strong indications that both flaws can be used in combination. After all, a bypass for the login procedure can open the door to a leak that requires the exploitation of an authenticated session. Trend Micro indicates that the latest leak came to light while reviewing previous vulnerabilities in the same product and that unauthorized access to system commands via the interface poses a real danger to organizations that have not yet updated.
Rapid7 notes in a technical analysis that the short time between the disclosures, the supplier’s previous silent patching, and the functionality of both bugs point to a possible exploit chain leading to full remote code execution without any form of authentication. For organizations using FortiWeb, this means that installing the available updates is urgent to prevent abuse.