Fortinet Fixed 2 Critical Zero-Day Vulnerabilities in FortiWeb
⚡ TL;DR | Go Straight to the FortiWeb Vulnerability Audit Report
Yesterday and Friday, Fortinet released patches fixing two critical zero-day vulnerability in their FortiWeb web application firewalls. Both vulnerabilities has been actively exploited in the wild, one allowing unauthenticated attackers to create new administrative users and one leading to execute unauthorized code. Users are urged to urgently update any and all FortiWeb devices. We have added a new report to Lansweeper that allows you to find all FortiWeb devices in your network.
FortiWeb Vulnerabilities CVE-2025-64446 and CVE-2025-58034
The vulnerability tracked as CVE-2025-64446 is a critical relative path traversal vulnerability with a CVSS score of 9.4 affecting FortiWeb. It has been actively exploited in the wild since at least early October allows unauthenticated to create new administrative users completely compromising the device.
The second vulnerability, CVE-2025-58034 is an OS command injection vulnerability, with a medium severity CVSS score of 6.7. It would allow an unauthorized attacker to “execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands” according to Fortinet’s advisory.
Update Vulnerable Fortinet Installations
Fortinet has released updates for the affected FortiWeb versions. Users are advised to update vulnerable instances to the latest version as soon as possible.
| Version | Affected | Solution |
| FortiWeb 8.0 | 8.0.0 through 8.0.1 | Upgrade to 8.0.2 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.5 | Upgrade to 7.6.6 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.10 | Upgrade to 7.4.11 or above |
| FortiWeb 7.2 | 7.2.0 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiWeb 7.0 | 7.0.0 through 7.0.11 | Upgrade to 7.0.12 or above |
Fortinet’s advisory also offered a possible workaround for those who are unable to update at this time. By disabling the HTTP or HTTPS for internet-facing interfaces you can significantly reduce the risk posed by this vulnerability.
Discover Vulnerable Fortinet Installs
Our team has added a new report to Lansweeper Classic to help you locate FortiWeb devices in your network. This will give you a list of instances of FortiWeb products and their versions, so you can more easily check if they are all up to date. On the Lansweeper Platform you can find more information on the Risk Insights page for CVE-2025-64446. You can get the report via the link below.
Ready to get started?
You’ll be up and running in no time.
Explore all our features, free for 14 days.