Many Fortinet Security Updates, Renewed Attacks on FortiWeb

Fortinet's developers have released important security updates for FortiClient and FortiSandbox, among others.

Attackers have repeatedly targeted Fortinet's Web Application Firewall (WAF) FortiWeb. There is now a security patch. However, other products from the network security appliance vendor are still vulnerable.

Admins should take a look at the IT security section of Fortinet's website to identify the products relevant to them. They should then install the available security updates promptly.

FortiWeb is once again in the crosshairs of attackers. This time, attackers are injecting malicious code into instances via HTTP requests or CLI commands, compromising them. The extent of the attacks and what the attackers are specifically doing are currently unknown. According to the developers, the vulnerability (CVE-2025-58034, "high") has been closed in the following versions. All previous versions are said to be vulnerable.

  • FortiWeb 7.0.12
  • FortiWeb 7.2.12
  • FortiWeb 7.43.11
  • FortiWeb 7.6.6
  • FortiWeb 8.0.2

The US security agency CISA has already warned of the attacks. It classifies the vulnerability as a threat to federal companies. Just a few days ago, it became known that attackers are exploiting a "critical" software vulnerability in FortiWeb and subsequently performing actions as an administrator.

Three vulnerabilities in FortiClientWindows (CVE-2025-47761, CVE-2025-46373) and FortiVoice (CVE-2025-58692) are rated with the threat level "high". At these points, attackers can attack without authentication and execute malicious code.

Further vulnerabilities threaten FortiADC, FortiExtender, and FortiSandbox, among others. Here, attackers can mostly execute malicious code as well. This often results in a complete takeover of systems by attackers.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.