• Hello and welcome! Register to enjoy full access and benefits:

    • Advertise in the Marketplace section for free.
    • Get more visibility with a signature link.
    • Company/website listings.
    • Ask & answer queries.
    • Much more...

    Register here or log in if you're already a member.

  • 🎉 WHV has crossed 56000 (56k) monthly views (unique) and 285135 clicks per month, as per Google Analytics! Thank you for your support! 🎉

Urgent Warning: Fortinet Confirms FortiWeb Zero-Day Being Actively Exploited

johny899

johny899

New Member
Content Writer
Messages
860
Reaction score
3
Points
23
Balance
$1,055.1USD
Today I spotted Fortinet's latest news and I have to admit it caught my eye immediately. A new zero-day vulnerability has appeared in FortiWeb that's being exploited in the wild. If you use FortiWeb or any web application firewall, you're going to pay attention here. I use these products myself and the news had personal impact.

What is the FortiWeb zero-day?​

Fortinet has identified a vulnerability and named it CVE-2025-58034. This vulnerability allows an authenticated user to execute system commands.

Have you thought about how scary it is when someone can execute commands on your system? It is very scary.

The vulnerability is triggered by HTTP Requests or Command Line Interface Commands. The fact that the vulnerability is already being used by adversaries into consideration makes it all the more alarming.

Which versions are impacted?​

If you have any of these versions you need to update:
  • FortiWeb 8.0.0 - 8.0.1 - upgrade to 8.0.2 or newer
  • FortiWeb 7.6.0 - 7.6.5 - upgrade to 7.6.6 or newer
  • FortiWeb 7.4.0 - 7.4.10 - upgrade to 7.4.11 or newer
  • FortiWeb 7.2.0 - 7.2.11 - upgrade to 7.2.12 or newer
  • FortiWeb 7.0.0 - 7.0.11 - upgrade to 7.0.12 or newer
In a nutshell, your old version is not secure.

The significance of the issue​

I place great value in security tools. And you probably do also. And so when those tools have bugs, there is an additional feeling of risk.

So what makes this zero-day vulnerability specifically serious?
  • It's not simply a possible risk; it has already been exploited.
  • It affects a security product that is supposed to protect us from the exploit it enables.
  • It's the second FortiWeb issue from this week—overwhelming concern builds as a result.
Have you ever done a patch and thought, "Now I am safe"? I did also—until I read this and remember to keep my guard up.

How to better protect your system​

Here are basic steps I take and recommend:
  • Immediately apply updated FortiWeb patch
  • Turn off the internet to the web admin panel until you can apply an update
  • Look for strange admin logins and unknown configuration changes
  • Watch your logs for strange POST requests and unusual commands
  • Change your update habits so critical patches aren't sitting in a queue for days.
These little actions could ultimately prevent you from a larger headache.
 
You must log in or register to reply here.

Support / Help Desk

Blog - (WHV)

Hosting Reviews

Navigation

  1. WHV Forums
    1. WHV - Announcements
    2. General Discussion
    3. Introduction
    4. Web Hosting Forum
    5. Help
    6. News
  2. Marketplace
    1. VPS Offers
    2. Dedicated Server Offers
    3. Shared Hosting Offers
    4. Reseller Hosting Offers
    5. Other Offers (Not Hosting)
    6. Domains
  3. Web Hosting Discussion
    1. Hosting Software & Control Panels
    2. Other Hosting Tutorials
    3. Reviews
    4. Articles
    5. Offtopic
  4. Web Hosting Tutorials
    1. cPanel Tutorials
    2. WHM Reseller Tutorials
    3. DirectAdmin Tutorials
    4. Blesta Tutorials
    5. WHMCS Tutorials
  5. Hosting Extensions
    1. WHMCS Market
    2. Blesta Market
    3. HostBill Market
Top