Fortinet
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. Threat actors can exploit the two security flaws tracked as CVE-2025-59718 (FortiOS, FortiProxy, FortiSwitchManager) and CVE-2025-59719 (FortiWeb) by abusing improper verification of cryptographic signature weaknesses in vulnerable products via a […]
CISA gives govt agencies 7 days to patch new Fortinet flaw
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet’s FortiWeb web application firewall, which was exploited in zero-day attacks. Tracked as CVE-2025-58034, this OS command injection flaw can allow authenticated threat actors to execute code as root in low-complexity attacks that don’t require user interaction. “An Improper […]
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. Tracked as CVE-2025-58034, this web application firewall security flaw was reported by Jason McFadyen of Trend Micro’s Trend Research team. Authenticated threat actors can gain code execution by successfully exploiting this OS command injection vulnerability in […]
Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks
Fortinet has confirmed that it has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now “massively exploited in the wild.” The flaw was silently patched after reports that unauthenticated attackers were exploiting an unknown FortiWeb path traversal flaw in early October to create new administrative users on Internet-exposed devices. The attacks were first […]
Fortinet FortiWeb flaw with public PoC exploited to create admin users
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication. The issue is fixed in FortiWeb 8.0.2, and admins are urged to update as soon as possible and check for signs of unauthorized access The exploitation was first spotted by threat intelligence company Defused […]
Researcher to release exploit for full auth bypass on FortiWeb
A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. The flaw was reported responsibly to Fortinet and is now tracked as CVE-2025-52970. Fortinet released a fix on August 12. Security researcher Aviv Y named the vulnerability FortMajeure and describes it as […]
Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. FortiSIEM is a central security monitoring and analytics system used for logging, network telemetry, and security incident alerts, serving as an integral part of security operation centers, where […]
Spike in Fortinet VPN brute-force attacks raises zero-day concerns
A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. The campaign, detected by threat monitoring platform GreyNoise, manifested in two waves, on August 3 and August 5, with the second wave pivoting […]
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. FortiWeb is a web application firewall (WAF), which is used to protect web applications from malicious HTTP traffic and threats. The FortiWeb vulnerability has a 9.8/10 severity score and is tracked […]
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over 310 victims on its dark […]