CISA gives govt agencies 7 days to patch new Fortinet flaw
2 mins read

CISA gives govt agencies 7 days to patch new Fortinet flaw

geekfeed0Tagged , , , , ,

CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet’s FortiWeb web application firewall, which was exploited in zero-day attacks.

Tracked as CVE-2025-58034, this OS command injection flaw can allow authenticated threat actors to execute code as root in low-complexity attacks that don’t require user interaction.

“An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands,” Fortinet said on Tuesday.

“The specific flaw exists within the implementation of the policy_scripting_post_handler method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root,” noted the Trend Micro research team who reported the vulnerability.

CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities Catalog the same day, giving Federal Civilian Executive Branch (FCEB) agencies until Tuesday, November 25th, to secure their systems against attacks as mandated by the Binding Operational Directive (BOD) 22-01.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA warned.

“With recent and ongoing exploitation events [..], a reduced remediation timeframe of one week is recommended,” it added, referring to a second FortiWeb flaw (CVE-2025-64446) exploited in zero-day attacks that Fortinet silently patched in late October.

On Friday, CISA also added the CVE-2025-64446 vulnerability to its catalog of actively exploited security flaws, ordering U.S. federal agencies to patch their devices by November 21st.

GeekFeed has reached out to a Fortinet spokesperson with questions about these flaws, but we have yet to receive a response.

In August, Fortinet addressed another command injection vulnerability (CVE-2025-25256) in its FortiSIEM solution, following a GreyNoise report warning of a surge in brute-force attacks against Fortinet SSL VPNs.

Fortinet vulnerabilities are commonly exploited in cyber espionage and ransomware attacks. For instance, in February, Fortinet revealed that a Chinese hacking group tracked as Volt Typhoon exploited two FortiOS SSL VPN flaws to breach a Dutch Ministry of Defence military network using a custom remote access trojan (RAT) called Coathanger.

Leave a Reply

Your email address will not be published. Required fields are marked *

Website https://geekfeed.net

Related Posts