Fortinet FortiWeb users face urgent action after another security gap emerged in mid-November 2025. This time, hackers found a way to sneak harmful commands into the system, putting thousands of devices at risk.
What Happened
A flaw called CVE-2025-58034 lets someone with login access run bad code on your FortiWeb device. Think of it like someone finding a secret door in your security system. Once they get in, they can:
- Take full control of your device
- Sneak deeper into your network
- Bypass all your safety walls
- Access things they shouldn’t see
Trend Micro found this problem while checking an older issue. Bad news: hackers already know about it and are using it to break into systems.
Which Versions Need Fixing
| Version | Needs Update | Fix It With |
|---|---|---|
| 8.0.0 to 8.0.1 | Yes | Version 8.0.2 or newer |
| 7.6.0 to 7.6.5 | Yes | Version 7.6.6 or newer |
| 7.4.0 to 7.4.10 | Yes | Version 7.4.11 or newer |
| 7.2.0 to 7.2.11 | Yes | Version 7.2.12 or newer |
| 7.0.0 to 7.0.11 | Yes | Version 7.0.12 or newer |
Why This Matters More
Experts think hackers might combine this flaw with another recent one (CVE-2025-64446) to break in without any login at all. That’s like someone not just using the secret door but also finding a way to unlock your front gate first.
The U.S. government added this to their list of dangers that must be fixed by November 25, 2025. When they do that, it means the threat is real and happening now.
What To Do Next
Check your FortiWeb version right away. If you’re running any of the ones listed above, download and install the update from Fortinet. Test it first in a safe spot, then roll it out fast. Every day you wait gives attackers more time to find your weak spot.