Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week
An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.
Fortinet on Tuesday announced patches for 17 vulnerabilities, including a zero-day resolved with the latest FortiWeb updates.
Tracked as CVE-2025-58034 (CVSS score of 6.7), the bug is described as an OS command injection issue that can be exploited by authenticated attackers to execute arbitrary code on the underlying system, via crafted HTTP requests or CLI commands.
“Fortinet has observed this to be exploited in the wild,” the vendor notes in its advisory, without providing details on the attacks.
Source: https://www.securityweek.com/fortinet-discloses-second-exploited-fortiweb-zero-day-in-a-week/
Related breach coverage
- Fortinet Rushes Emergency Fixes for Exploited Zero-Day (SecurityWeek, 2026-04-06)
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
- Exploitation of Critical Fortinet FortiClient EMS Flaw Begins (SecurityWeek, 2026-03-31)
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests.
- Recent Microsoft Defender Vulnerability Exploited as Zero-Day (SecurityWeek, 2026-04-23)
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges.
- Critical Flowise Vulnerability in Attacker Crosshairs (SecurityWeek, 2026-04-07)
The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.
