Fortinet has released security updates to address a FortiWeb zero-day vulnerability that attackers are already exploiting in the wild.
The flaw, tracked as CVE-2025-58034, is a critical OS command injection issue, which allows authenticated threat actors to execute unauthorized code on affected FortiWeb web application firewall appliances.
“An authenticated attacker may execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands,” Fortinet explained in its advisory. The vendor has confirmed that it has already observed active exploitation attempts.
Researchers at cybersecurity firm Trend Micro said that around 2,000 exploitation attempts have been detected.
Administrators are strongly advised to upgrade their FortiWeb devices immediately to the latest software versions to prevent ongoing attacks.
Last week, reports emerged of another FortiWeb zero-day, CVE-2025-64446, which Fortinet silently patched on October 28. The flaw had already been under mass exploitation for weeks. Threat actors exploited the issue to create new administrative users on exposed devices without authentication.