Fortinet Hit by Second Zero-Day Attack in One Week
Fortinet reveals a new zero-day flaw in FortiWeb, raising concerns over its disclosure practices amid active exploitation campaigns.
By Content Team
Fortinet disclosed another zero-day vulnerability in its FortiWeb firewall just days after revealing a separate exploited flaw. CVE-2025-58034 allows authenticated attackers to run code through crafted HTTP requests, earning a 6.7 CVSS score.
Orange Cyberdefense reports "several exploitation campaigns" are chaining this new flaw with last week's vulnerability for more powerful attacks. Trend Micro detected around 2,000 exploitation attempts.
The timing raises questions about Fortinet's disclosure practices: both vulnerabilities were quietly patched before public disclosure. CISA added the flaw to its Known Exploited Vulnerabilities catalog with an accelerated one-week patching deadline for federal agencies.
Source: Dark Reading