CISA and FortiGuard Labs have issued urgent alerts regarding a new command injection vulnerability (CVE-2025-58034) in Fortinet’s FortiWeb Web Application Firewall. The flaw is being actively exploited in the wild, allowing authenticated attackers to execute arbitrary commands via the CLI or HTTP requests.
Business Impact
This is a critical risk to perimeter security. Compromising the WAF allows attackers to intercept sensitive traffic, manipulate web applications, and potentially pivot into the internal network. Since it is actively exploited, unpatched devices are likely already being targeted.
Why It Happened
The vulnerability stems from improper input sanitization in the management interface, allowing attackers to inject malicious commands that the system executes with high privileges.
Recommended Executive Action
Direct network security teams to apply the Fortinet patches immediately. Ensure management interfaces are not exposed to the public internet. Review logs for any suspicious administrative activity or unexpected command execution.
Hashtags: #Fortinet #FortiWeb #ZeroDay #Vulnerability #RCE #CISA #CyberSecurity #PatchNow #InfoSec