Fortinet News Articles

CISA gives govt agencies 7 days to patch new Fortinet flaw

CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks.

1 day ago

CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild

CISA issued warning vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting in active attacks.

1 day ago

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) - Help Net Security

Attackers are exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time.

1 day ago

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting.

2 days ago

New FortiWeb 0-Day Command Injection Vulnerability Exploited in the Wild

Fortinet has released an urgent security advisory addressing a newly discovered zero-day vulnerability, CVE-2025-58034, in its FortiWeb web application firewall platform, after evidence emerged of active exploitation in the wild.

2 days ago

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet warns of FortiWeb flaw CVE-2025-58034 exploited in the wild and issues urgent upgrade guidance.

2 days ago

Fortinet Silent Patch Raises Concern Among Security Pros

Fortinet may have silently patched an exploited zero-day vulnerability more than two weeks before officially disclosing the vulnerability.

2 days ago

Fortinet warns of new FortiWeb zero-day exploited in attacks

Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks.

2 days ago

Fortinet FortiWeb WAF Vulnerability Exploited in the Wild, CISA Warns of Admin Access Risk

The vulnerability poses an immediate risk to organizations operating Fortinet's web application firewall (WAF) infrastructure.

3 days ago

Critical Fortinet FortiWeb WAF Bug Exploited in Wild

The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands.

3 days ago

PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild

A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that has already been observed in real-world attacks, allowing unauthorized access to sensitive CGI end...

5 days ago

CVE-2025-64446 in Fortinet FortiWeb: Details, Next Steps

A critical vulnerability, CVE-2025-64446, in Fortinet FortiWeb is being actively exploited. Read more for technical details & impact to organizations.

5 days ago

CVE-2025-64446: Critical Fortinet FortiWeb Path Traversal Vulnerability Exploited to Create Administrative Accounts | Arctic Wolf

On November 13, 2025, open source reporting began detailing active exploitation of a silently patched Fortinet FortiWeb vulnerability.

6 days ago

Fortinet finally cops to critical bug under active exploit

Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month's head start. The bug,...

6 days ago

Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks

Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited.

6 days ago

Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability

Fortinet said an exploited FortiWeb vulnerability (CVE-2025-64446) allows attackers to gain administrative access to the security appliances.

1 week ago

Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability

Fortinet said an exploited FortiWeb vulnerability (CVE-2025-64446) allows attackers to gain administrative access to the security appliances.

1 week ago

Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication.

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

CVE-2025-25256 in FortiSIEM scored 9.8 CVSS; active exploit found, prompting urgent patching. (

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation

CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks

CISA has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of the SQL injection flaw in cyberattacks worldwide.

FortiWeb Systems Compromised via Webshells After Public PoC Release

A widespread cyberattack campaign has successfully compromised dozens of Fortinet FortiWeb instances through webshell deployment.

Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation.

New Fortinet FortiWeb hacks likely linked to public RCE exploits

Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) - Help Net Security

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 is expected to be leveraged by attackers soon.

The first week of CVE-2025-25257 in FortiWeb Fabric Connector – Global Security Mag Online

The first week of CVE-2025-25257 in FortiWeb Fabric Connector CrowdSec

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch.

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)

WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection vulnerability allowing unauthenticated remote code execution.

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.

Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code

A critical security vulnerability in Fortinet's FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication.

Critical Fortinet flaws now exploited in Qilin ransomware attacks

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely.

Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching

Researchers have released PoC for CVE-2025-32756, a vulnerability actively being exploited in Fortinet products like FortiMail and FortiCamera.

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

The vulnerability is a stack-based buffer overflow located within the administrative API, specifically in the handling of session cookies.

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet patched CVE-2025-32756, a zero-day flaw exploited in FortiVoice systems, risking remote code execution.

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) - Help Net Security

Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice systems.

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - Help Net Security

An attacker using old FortiOS flaws to breach FortiGate devices has been leveraging symlink to retain limited access to them after patching.

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) - Help Net Security

Fortinet has released patches for a vulnerability (CVE-2024-48887) in its FortiSwitch devices that could give attackers admin privileges.

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Fortinet patches CVE-2024-48887, a 9.3 CVSS FortiSwitch flaw, urging quick upgrades to avoid attacks.

Critical Fortinet Vuln Draws Fresh Attention

CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.

Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns

The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

CISA Issues Security Warning on Fortinet FortiOS Authentication Bypass Exploit

The Cybersecurity and Infrastructure Security Agency (CISA) issued a critical security warning regarding a severe vulnerability in Fortinet's FortiOS and FortiProxy systems.

New Lockbit-linked ransomware group targets Fortinet vulnerabilities

The “SuperBlack” ransomware leverages the LockBit 3.0 builder with a custom encryption tool.

New ransomware gang targets Fortinet firewalls, victim data

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January. Forescout said the group it's tracking as Mora_001...

CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55591(link is external) Fortinet FortiOS Authorization Bypass...