Security researchers and CISA have warned that Fortinet FortiWeb appliances with unsupported versions are actively being exploited. Fortinet has issued patches for supported versions, but many organizations still run outdated FortiWeb devices, leaving them exposed. Read the Cybersecurity Threat Advisory to mitigate the potential impact of these vulnerabilities now.
What is the threat?
Two vulnerabilities—CVE-2025-64446 (relative path traversal) and CVE-2025-58034 (command injection)—have been used in the wild, enabling access to sensitive files and arbitrary command execution.
- CVE-2025-64446: Relative path traversal in FortiWeb that allows attackers to access files outside the intended directory by manipulating HTTP request paths.
- CVE-2025-58034: Operating system command injection that lets attackers execute arbitrary commands with the FortiWeb process privileges, potentially gaining full device control.
Why is it noteworthy?
These flaws are actively exploited and affect unsupported FortiWeb versions no longer receiving security updates. The combination of data exposure and full system compromise creates a highly dangerous attack chain, especially for legacy deployments.
What is the exposure or risk?
Attackers may chain these flaws for maximum impact. First, using path traversal to harvest configuration data and credentials, then leveraging command injection to execute arbitrary commands and take full control of the appliance. This tandem attack can bypass perimeter defenses and enable broader network compromise. FortiWeb devices positioned at critical points in the network can expose web applications to lateral movement and substantial data breaches, especially when devices are internet-facing or out of patch. Organizations running unsupported versions are at the highest risk, as no vendor patches are available for those systems.
What are the recommendations?
Barracuda strongly recommends the following steps to secure you and your clients’ environments:
- Upgrade to a supported FortiWeb version and apply the latest Fortinet security patches immediately.
- Remove or isolate unsupported FortiWeb appliances from production environments.
- Restrict FortiWeb management interface access to trusted internal networks only.
- Monitor logs for suspicious file access patterns and unexpected system command executions.
- Perform a compromise assessment, especially for internet-facing appliances.
References
For more in-depth information about the recommendations, please visit the following links:
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.