During November 2025, Fortinet published and patched two critical FortiWeb vulnerabilities (CVE-2025-64446 and CVE-2025-58034) that have been identified as being exploited in real-world environments; experts recommend urgent patching.

In the second half of November 2025, two critical vulnerabilities in FortiWeb were published and patched—one for path traversal (CVE-2025-64446) and another for OS command injection (CVE-2025-58034)—both associated with field exploitation according to several research centers and technical advisories. The incidents were significant enough for CISA to include at least one of the flaws (CVE-2025-64446) in its Known Exploited Vulnerabilities (KEV) catalog, thereby raising the patching priority for organizations subject to that mandate.

Published analyses indicate that vulnerable versions span several FortiWeb branches (7.x and 8.x) and that Fortinet has released corrective patches (e.g., FortiWeb 8.0.2 and equivalent versions in minor branches). Reports show widespread exploitation in some cases and the detection of techniques for creating unauthorized administrative accounts or remote execution. Therefore, the practical recommendation is to inventory exposed FortiWeb systems, apply patches immediately, review access logs, and implement mitigation measures (blocking management interfaces over the internet, segmentation, and control lists).

For SITE PERU, this is a call to strengthen maintenance and response services: offering perimeter device audit packages, running containment playbooks, and managed patching services can minimize risks and reinforce trust with critical customers.

Help Net Security. (2025, 19 de noviembre). Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034). Help Net Security.