Tag: fortinet
-
Fortinet Woes Continue With Another WAF Zero-Day Flaw
A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor’s disclosure practices. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fortinet-woes-continue-another-waf-zero-day-flaw
-
Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately. First seen on hackread.com Jump to article: hackread.com/fortinet-fixes-fortiweb-takeover-flaw-active-attacks/
-
CISA Urges Quick Fortinet Patches Amid Exploitation Of New FortiWeb Vulnerability
Tags: cisa, cybersecurity, exploit, firewall, fortinet, infrastructure, vulnerability, waf, zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging a quick response to Fortinet’s disclosure of a zero-day vulnerability impacting its web application firewall, FortiWeb, which has been exploited in cyberattacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-urges-quick-fortinet-patches-amid-exploitation-of-new-fortiweb-vulnerability
-
U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, vulnerability, zero-day
U.S. CISA has added a second Fortinet FortiWeb vulnerability in just a few days to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiWeb flaw, tracked as CVE-2025-58034 (CVSS score of 6.7), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet patched a new FortiWeb zero-day, tracked…
-
CISA gives govt agencies 7 days to patch new Fortinet flaw
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet’s FortiWeb web application firewall, which was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-gives-govt-agencies-7-days-to-patch-new-fortinet-flaw/
-
Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)
Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/19/fortiweb-vulnerability-cve-2025-58034/
-
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting. Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS score 6.7), which is being actively exploited in attacks in the wild. Trend Micro researcher Jason McFadyen reported the vulnerability. The flaw is an improper neutralization of special elements used in…
-
Zero-day vulnerability in FortiWeb – Fortinet patches zero-day only after 6 weeks
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstelle-fortiweb-cyberangriffe-stillschweigendes-patchen-a-c37959f60aefe798c38d7ef0c83b4bf4/
-
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. “An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow…
-
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortiweb-zero-day-exploited-in-attacks/
-
Fortinet’s silent patch sparks alarm as a critical FortiWeb flaw is exploited in the wild
Tags: advisory, best-practice, cve, defense, exploit, flaw, fortinet, Internet, reverse-engineering, risk, update, vulnerability
Defense delayed due to silent patching: While Fortinet officially published an advisory for CVE-2025-64446 on November 14, 2025, the vendor’s earlier version release note made no mention of the vulnerability or the fix, leading to criticism that the patch was applied silently. “Silently patching vulnerabilities is an established bad practice that enables attackers and harms defenders,…
-
CISA Reports Active Attacks on FortiWeb WAF Vulnerability Allowing Admin Access
Tags: access, attack, cisa, cve, cyber, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, vulnerability, waf
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-64446, allows unauthenticated attackers to gain administrative access to affected systems via a path-traversal vulnerability. Critical Path Traversal Flaw…
-
Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage
The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread attacks were already underway. First seen on cyberscoop.com Jump to article: cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/
-
Critical Fortinet FortiWeb WAF Bug Exploited in the Wild
The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-fortinet-fortiweb-waf-bug-exploited-in-wild
-
Critical vulnerability in Fortinet FortiWeb is under exploitation
The company faces criticism as multiple researchers claim a silent patch was issued weeks before official guidance was released. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-vulnerability-in-fortinet-fortiweb-is-under-exploitation/805688/
-
CISA gives federal agencies one week to patch exploited Fortinet bug
U.S. government agencies have been given a shorter window than usual to patch a critical vulnerability affecting Fortinet’s FortiWeb firewall product. First seen on therecord.media Jump to article: therecord.media/fortinet-fortiweb-vulnerability-cisa-advisory
-
Critical FortiWeb WAF Flaw Actively Exploited to Establish Admin Access and Seize Total Control
Fortinet has released urgent security updates to address a critical vulnerability in its FortiWeb Web Application Firewall (WAF) that is being actively exploited in the wild. Tracked as CVE-2025-64446, the flaw allows unauthenticated attackers to execute administrative commands and gain complete control of affected systems. The vulnerability has been assigned a critical severity rating with…
-
⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day, like AI, VPNs, or app stores, to cause damage without setting off alarms. It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread…
-
Security Affairs newsletter Round 550 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution U.S. CISA adds Fortinet FortiWeb flaw to…
-
Week in review: Windows kernel flaw patched, suspected Fortinet FortiWeb zero-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adopting a counterintelligence mindset in luxury logistics In this Help Net … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/16/week-in-review-windows-kernel-flaw-patched-suspected-fortinet-fortiweb-zero-day-exploited/
-
Disaster: Fortinet FortiWeb vulnerability (CVE-2025-64446)
Administrators of Fortinet FortiWeb instances may have to brace for trouble. Fortinet silently patched a severe vulnerability, CVE-2025-64446, in its FortiWeb as of October 28, 2025. However, for about a month there has been a rumor that via a vulnerability … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/15/fortinet-fortiweb-schwachstelle-cve-2025-64446-ein-desaster/
-
Fortinet finally cops to critical makeadmin bug under active exploitation
More than a month after PoC made public First seen on theregister.com Jump to article: www.theregister.com/2025/11/14/fortinet_active_exploit_cve_2025_64446/
-
Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks
Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-confirms-silent-patch-for-fortiweb-zero-day-exploited-in-attacks/

