Fortinet FortiWeb exploited

FortiWeb under pressure: patch now, not later.

Fortinet warned that FortiWeb has a vulnerability (CVE-2025-58034) exploited in the wild, alongside a separate, more severe path-traversal (CVE-2025-64446) fixed in 8.0.2. The flaws can allow unauthenticated attackers to run admin commands or inject OS commands. Customers should upgrade to patched versions immediately and review logs for compromise attempts. CISA also flagged the issues, underscoring the need to act quickly on internet-facing WAFs.

Fortinet has issued a double-whammy of warnings for FortiWeb. One bug, CVE-2025-58034, is actively exploited with a medium score, while another, CVE-2025-64446 (path traversal), scores 9.8 and is fixed in v8.0.2. Either way, attackers can execute commands and pivot, not what you want from your web application firewall.

CISA has echoed the urgency, noting exploitation and advising immediate upgrades. If you can’t patch today, Fortinet suggests restricting HTTP/HTTPS exposure and validating configs while you plan the jump to safe builds. After patching, comb through logs for odd admin actions and unexpected traffic bursts.

Your short list:
• Upgrade to versions that remediate 58034/64446 (8.0.2+).
• If exposed to the internet, consider temporary access controls while upgrading.
• Rotate admin creds/tokens and check for unauthorised config changes.
• Add detections for exploit URL patterns and command-injection artefacts.
A WAF is meant to be your shield — don’t let it become the point of entry. Patch fast and verify trust.