The Cybersecurity and Infrastructure Security Agency (CISA) has ordered US government agencies to fix a new vulnerability in Fortinet’s web application firewall within a week. The vulnerability, tracked as CVE-2025-58034, allows authenticated threat actors to gain code execution through low-complexity attacks without user interaction. CISA warned that this vulnerability poses significant risks to the federal enterprise and is a frequent attack vector for malicious cyber actors. Agencies have until November 25th to secure their systems against zero-day attacks.
Source: https://www.bleepingcomputer.com/news/security/cisa-gives-govt-agencies-7-days-to-patch-new-fortinet-flaw