CISA Urges Quick Fortinet Patches Amid Exploitation Of New FortiWeb Vulnerability

The U.S. cybersecurity agency issued an advisory giving government agencies just a week to remediate the issue that Fortinet says has been exploited in attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging a quick response to Fortinet’s disclosure of a zero-day vulnerability impacting its web application firewall, FortiWeb, which has been exploited in cyberattacks.

The FortiWeb vulnerability (tracked as CVE-2025-58034) was disclosed Tuesday by Fortinet, followed by an advisory from CISA giving government agencies just a week to remediate the issue.

“Fortinet has observed this to be exploited in the wild,” the vendor said in its disclosure Tuesday.

The code injection vulnerability affects numerous versions of FortiWeb 8.0 and patches are now available to fix the issue.

CRN has reached out to Fortinet for further comment.

The vulnerability was added to CISA’s catalog of vulnerabilities known to have seen exploitation Tuesday. In doing so, the agency required federal agencies to implement patches by Nov. 25.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA wrote in its advisory.

While the order only applies to Federal Civilian Executive Branch agencies, CISA “strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [such] vulnerabilities as part of their vulnerability management practice,” the agency said.

The flaw is considered a medium-severity issue, with a rating of 6.7 out of 10.0 in terms of severity.

In July, Fortinet confirmed that a critical-severity vulnerability affecting FortiWeb had seen exploitation in cyberattacks. Researchers at threat tracker Shadowserver said at the time that it was “likely” that dozens of unpatched FortiWeb instances had been compromised through exploits of the vulnerability.