Fortinet has recently addressed two actively exploited zero-days in its FortiWeb web application firewall (WAF). These flaws, a command injection vulnerability (CVE-2025-58034) and a path traversal vulnerability (CVE-2025-64446), could allow attackers to execute unauthorized code and gain administrative access to affected systems. Timely patching is critical to mitigate these risks.

Understanding the Vulnerabilities

The first […]
The post Bugs Caught in the FortiWeb: Active Attacks Target FortiWeb Zero-Days appeared first on SecPod Blog.
