Fortinet News Articles
Recent news articles referencing the vendor's vulnerabilities.
Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities
The exploit targets zero-day vulnerabilities in Fortinet's FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated RCE.
3 weeks ago
Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities
The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet's FortiWeb Web Application Firewall (WAF).
3 weeks ago
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment
CISA has ordered agencies to patch the FortiWeb web application firewall within seven days after news of exploits emerged.
3 weeks ago
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
The medium severity vulnerability can be chained together with a critical flaw in the same product, which could help attackers gain additional capabilities.
3 weeks ago
Fortinet confirms second 0-day in just four days
Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that...
3 weeks ago
Fortinet Woes Continue With Another WAF Zero-Day Flaw
A second zero-day vulnerability in Fortinet's web application firewall (WAF) line has raised more questions about the vendor's disclosure practices.
3 weeks ago
CISA gives govt agencies 7 days to patch new Fortinet flaw
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks.
3 weeks ago
CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild
CISA issued a warning about a vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting in active attacks.
3 weeks ago
Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) - Help Net Security
Attackers are exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time.
3 weeks ago
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting.
3 weeks ago
New FortiWeb 0-Day Command Injection Vulnerability Exploited in the Wild
Fortinet has released an urgent security advisory addressing a newly discovered zero-day vulnerability, CVE-2025-58034, in its FortiWeb web application firewall platform, after evidence emerged of active exploitation in the wild.
3 weeks ago
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
Fortinet warns of FortiWeb flaw CVE-2025-58034 exploited in the wild and issues urgent upgrade guidance.
3 weeks ago
Fortinet Silent Patch Raises Concern Among Security Pros
Fortinet may have silently patched an exploited zero-day vulnerability more than two weeks before officially disclosing the vulnerability.
3 weeks ago
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks.
3 weeks ago
Fortinet FortiWeb WAF Vulnerability Exploited in the Wild, CISA Warns of Admin Access Risk
The vulnerability poses an immediate risk to organizations operating Fortinet's web application firewall (WAF) infrastructure.
3 weeks ago
Critical Fortinet FortiWeb WAF Bug Exploited in Wild
The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands.
4 weeks ago
PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild
A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that has already been observed in real-world attacks, allowing unauthorized access to sensitive CGI end...
1 month ago
CVE-2025-64446 in Fortinet FortiWeb: Details, Next Steps
A critical vulnerability, CVE-2025-64446, in Fortinet FortiWeb is being actively exploited. Read more for technical details & impact to organizations.
1 month ago
CVE-2025-64446: Critical Fortinet FortiWeb Path Traversal Vulnerability Exploited to Create Administrative Accounts | Arctic Wolf
On November 13, 2025, open source reporting began detailing active exploitation of a silently patched Fortinet FortiWeb vulnerability.
1 month ago
Fortinet finally cops to critical bug under active exploit
Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month's head start. The bug,...
1 month ago
Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks
Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited.
1 month ago
Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability
Fortinet said an exploited FortiWeb vulnerability (CVE-2025-64446) allows attackers to gain administrative access to the security appliances.
1 month ago
Researcher to release exploit for full auth bypass on FortiWeb
A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication.
Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
CVE-2025-25256 in FortiSIEM scored 9.8 CVSS; active exploit found, prompting urgent patching.
Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.
CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation
CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks
CISA has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of the SQL injection flaw in cyberattacks worldwide.
FortiWeb Systems Compromised via Webshells After Public PoC Release
A widespread cyberattack campaign has successfully compromised dozens of Fortinet FortiWeb instances through webshell deployment.
Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits
Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation.
New Fortinet FortiWeb hacks likely linked to public RCE exploits
Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.
Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) - Help Net Security
With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 is expected to be leveraged by attackers soon.
The first week of CVE-2025-25257 in FortiWeb Fabric Connector – Global Security Mag Online
The first week of CVE-2025-25257 in FortiWeb Fabric Connector CrowdSec
Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb
PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch.
Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)
WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection vulnerability allowing unauthenticated remote code execution.
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.
Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code
A critical security vulnerability in Fortinet's FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication.
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely.
Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching
Researchers have released PoC for CVE-2025-32756, a vulnerability actively being exploited in Fortinet products like FortiMail and FortiCamera.
Fortinet Zero-Day Under Attack: PoC Now Publicly Available
The vulnerability is a stack-based buffer overflow located within the administrative API, specifically in the handling of session cookies.
CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet patched CVE-2025-32756, a zero-day flaw exploited in FortiVoice systems, risking remote code execution.
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) - Help Net Security
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice systems.
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - Help Net Security
An attacker using old FortiOS flaws to breach FortiGate devices has been leveraging symlink to retain limited access to them after patching.
FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) - Help Net Security
Fortinet has released patches for a vulnerability (CVE-2024-48887) in its FortiSwitch devices that could give attackers admin privileges.