Patching advice: Affected versions of FortiWeb include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. Fixes are applied, in the same order, by releases 7.0.12, 7.2.12, 7.4.10, 7.6.5, and 8.0.2.

Meanwhile, the widespread use of FortiWeb WAFs in government has prompted a warning by CISA that agencies should patch CVE-2025-58034 within one week, an unusually short timeframe for updating. “This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA said.

As a leading networking vendor, Fortinet is a frequent target for vulnerability exploits, including zero-days such as the ‘critical’ rated bypass vulnerability affecting FortiProxy secure web gateways in early 2025.
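The affected and fixed releases in the patching advice above can be checked against an inventory with a short script. This is an added example, not code from the article or from Fortinet; the hostnames and sample versions are constructed, and it assumes versions are recorded as plain `X.Y.Z` strings. Versions are compared numerically, since a string comparison would sort 7.4.10 before 7.4.9.

```python
# Affected ranges and fixed releases as listed in the patching advice.
# Key: (major, minor) branch -> (last affected patch level, first fixed release)
BRANCHES = {
    (7, 0): (11, "7.0.12"),
    (7, 2): (11, "7.2.12"),
    (7, 4): (9, "7.4.10"),
    (7, 6): (4, "7.6.5"),
    (8, 0): (1, "8.0.2"),
}

def parse_version(text):
    """Parse 'X.Y.Z' into a tuple of ints; raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not an X.Y.Z version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(version):
    """Return (status, fixed_release_or_None) for one FortiWeb version string."""
    try:
        major, minor, patch = parse_version(version)
    except ValueError:
        return ("unparseable", None)
    branch = BRANCHES.get((major, minor))
    if branch is None:
        # Branch not mentioned in the advice: never report it as safe.
        return ("branch-not-listed", None)
    last_affected, fixed = branch
    if patch <= last_affected:
        return ("affected", fixed)
    return ("fixed", None)

def triage_inventory(inventory):
    """Map {hostname: version} to {hostname: (status, upgrade target)}."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    sample = {
        "waf-dmz-01": "7.4.9",
        "waf-dmz-02": "7.4.10",
        "waf-lab-01": "8.0.1",
        "waf-old-01": "6.3.23",
        "waf-bad-01": "7.6",
    }
    for host, (status, target) in sorted(triage_inventory(sample).items()):
        print(f"{host:12} {status:18} upgrade to {target or '-'}")
```

Hosts reported as `branch-not-listed` or `unparseable` need a manual check against the vendor advisory rather than being treated as unaffected.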
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4093949/fortinet-criticized-for-silent-patching-after-disclosing-second-zero-day-vulnerability-in-same-equipment.html

