Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Active Exploitation of Vulnerability in FortiWeb

21 November 2025

Fortinet has released security updates to address a vulnerability in their FortiWeb products.

Background

Fortinet has released security updates to address a vulnerability (CVE-2025-58034) in their FortiWeb products.

Impact

Successful exploitation of the OS Command Injection vulnerability could allow an authenticated attacker to execute arbitrary code via crafted HTTP requests or command-line interface (CLI) commands.

Known Exploitation

This vulnerability is reportedly being exploited in the wild.

Affected Products

The vulnerability affects the following versions:

  • FortiWeb 8.0.0 through 8.0.1

  • FortiWeb 7.6.0 through 7.6.5

  • FortiWeb 7.4.0 through 7.4.10

  • FortiWeb 7.2.0 through 7.2.11

  • FortiWeb 7.0.0 through 7.0.11

Mitigation

Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-513

https://nvd.nist.gov/vuln/detail/CVE-2025-58034

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortiweb-zero-day-exploited-in-attacks/


Back to top