Fortinet’s Double Trouble: Two New Vulnerabilities Crash the Party!
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities (KEV) catalog. This FortiWeb vulnerability, tracked as CVE-2025-58034, could let an attacker execute unauthorized code. CISA wants federal agencies to act fast—before hackers RSVP to this new cyber shindig.

Hot Take:
Fortinet seems to be engaged in a game of cybersecurity whack-a-mole, and their moles are winning! With CISA adding yet another FortiWeb vulnerability to its KEV catalog, it’s clear that hackers have taken a liking to Fortinet’s web security products like a kid to candy. Perhaps it’s time Fortinet invests in some supercharged bug spray—or maybe a firewall made of actual fire?

Key Points:
– CISA added a new Fortinet FortiWeb vulnerability, CVE-2025-58034, to its Known Exploited Vulnerabilities catalog.
– The flaw involves improper neutralization of special elements in an OS command (OS command injection), allowing unauthorized code execution.
– Affected FortiWeb versions include 8.0.0 through 8.0.1, among others, with fixes available for each.
– Federal agencies must patch these vulnerabilities by November 25, 2025, as per CISA directives.
– Fortinet has recently patched another critical zero-day vulnerability, CVE-2025-64446.
