home.social

#fortiweb — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #fortiweb, aggregated by home.social.

  1. [VULN] ⚠️Fortinet : encore une faille zero-day dans FortiWeb (CVE-2025-58034)

    "Il y a quelques jours, Fortinet a dévoilé une première faille de sécurité zero-day dans FortiWeb : CVE-2025-64446. Dans le sillage de cette première vulnérabilité, une seconde faille de sécurité zero-day a été patchée par l'éditeur américain. Il s'agit d'une faiblesse de type "injection de commande au niveau de l'OS" qu'un attaquant peut exploiter en étant authentifié.

    Fortinet précise qu'elle peut "permettre à un attaquant authentifié d'exécuter du code non autorisé sur le système sous-jacent via des requêtes HTTP ou des commandes CLI spécialement conçues."
    👇
    it-connect.fr/fortinet-cve-202

    "Multiple OS command injection in API and CLI"
    👇
    fortiguard.fortinet.com/psirt/

    💬
    ⬇️
    infosec.pub/post/37909261

    #CyberVeille #fortiweb #CVE_2025_58034

  2. [VULN] ⚠️Fortinet : encore une faille zero-day dans FortiWeb (CVE-2025-58034)

    "Il y a quelques jours, Fortinet a dévoilé une première faille de sécurité zero-day dans FortiWeb : CVE-2025-64446. Dans le sillage de cette première vulnérabilité, une seconde faille de sécurité zero-day a été patchée par l'éditeur américain. Il s'agit d'une faiblesse de type "injection de commande au niveau de l'OS" qu'un attaquant peut exploiter en étant authentifié.

    Fortinet précise qu'elle peut "permettre à un attaquant authentifié d'exécuter du code non autorisé sur le système sous-jacent via des requêtes HTTP ou des commandes CLI spécialement conçues."
    👇
    it-connect.fr/fortinet-cve-202

    "Multiple OS command injection in API and CLI"
    👇
    fortiguard.fortinet.com/psirt/

    💬
    ⬇️
    infosec.pub/post/37909261

    #CyberVeille #fortiweb #CVE_2025_58034

  3. [VULN] ⚠️Fortinet : encore une faille zero-day dans FortiWeb (CVE-2025-58034)

    "Il y a quelques jours, Fortinet a dévoilé une première faille de sécurité zero-day dans FortiWeb : CVE-2025-64446. Dans le sillage de cette première vulnérabilité, une seconde faille de sécurité zero-day a été patchée par l'éditeur américain. Il s'agit d'une faiblesse de type "injection de commande au niveau de l'OS" qu'un attaquant peut exploiter en étant authentifié.

    Fortinet précise qu'elle peut "permettre à un attaquant authentifié d'exécuter du code non autorisé sur le système sous-jacent via des requêtes HTTP ou des commandes CLI spécialement conçues."
    👇
    it-connect.fr/fortinet-cve-202

    "Multiple OS command injection in API and CLI"
    👇
    fortiguard.fortinet.com/psirt/

    💬
    ⬇️
    infosec.pub/post/37909261

    #CyberVeille #fortiweb #CVE_2025_58034

  4. [VULN] ⚠️Fortinet : encore une faille zero-day dans FortiWeb (CVE-2025-58034)

    "Il y a quelques jours, Fortinet a dévoilé une première faille de sécurité zero-day dans FortiWeb : CVE-2025-64446. Dans le sillage de cette première vulnérabilité, une seconde faille de sécurité zero-day a été patchée par l'éditeur américain. Il s'agit d'une faiblesse de type "injection de commande au niveau de l'OS" qu'un attaquant peut exploiter en étant authentifié.

    Fortinet précise qu'elle peut "permettre à un attaquant authentifié d'exécuter du code non autorisé sur le système sous-jacent via des requêtes HTTP ou des commandes CLI spécialement conçues."
    👇
    it-connect.fr/fortinet-cve-202

    "Multiple OS command injection in API and CLI"
    👇
    fortiguard.fortinet.com/psirt/

    💬
    ⬇️
    infosec.pub/post/37909261

    #CyberVeille #fortiweb #CVE_2025_58034

  5. 🚨 Fortinet has released patches for two actively exploited vulnerabilities in its #FortiWeb web-application firewalls. One allows full takeover, the other enables command injection.

    Update now: hackread.com/fortinet-fixes-fo

    #Cybersecurity #InfoSec #Vulnerability #Fortinet #PatchNow

  6. The narrative about #FortiWeb (CVE-2025-64446) exploitation is going to end up being about attacker behavior and compromise, which is fair enough, except that this looks to have been entirely preventable.

    How are we still letting suppliers get away with silent patches in frequently exploited products in 2025? Customers need to be voting for better supplier behavior with their wallets, or with their legal teams.

    vulncheck.com/blog/fortinet-fo

  7. ⚠️ Exploitation des Fortinet FortiWeb <8.0.2 en cours

    Faille critique de contournement d’authentification : un attaquant distant peut créer un compte administrateur et prendre le contrôle complet du WAF.

    📌 Versions affectées (selon watchTowr) :

    8.0 : versions antérieures à 8.0.2
    7.6 : versions antérieures à 7.6.5
    7.4 : versions antérieures à 7.4.10
    7.2 : versions antérieures à 7.2.12
    7.0 : versions antérieures à 7.0.12
    6.4 : versions ≤ 6.4.3
    6.3 : versions ≤ 6.3.23

    🔧 Mitigation :
    ➡️ Il est recommandé d’utiliser une version corrigée (8.0.2+ / dernière version de votre branche).
    ➡️ Il est également préférable que l’interface d’admin ne soit pas exposée sur Internet, avec un accès limité à des IP de confiance et/ou via VPN.

    Analyse technique & détection :
    👇
    labs.watchtowr.com/when-the-im

    Outil de génération d’artefacts (détection/PoC défense) :
    📜 👇 github.com/watchtowrlabs/watch

    Contexte exploitation in the wild :
    🔗 🐦 x.com/watchtowrcyber/status/19

    #Fortinet #FortiWeb #infosec #BlueTeam #CyberVeille

  8. Krytyczna luka w Fortinet FortiWeb używana do ataków. Paczujcie się

    Kolejny groźny atak na puszki od Fortineta — upewnijcie się, że Wasz FortiWeb jest w wersji 8.0.2 zanim doczytacie ten artykuł do końca.
    Wystawiono exploita na sprzedaż i już widać ataki
    6 listopada wystawiono na sprzedaż exploita na FortiWeb (Web Application Firewall).
    źródło: Rapid7.com
    Exploit pozwala atakującemu założyć sobie konto z uprawnieniami administratora (!) w panelu zarządzania FortiWeb. Atak działa na wersje FortiWeb 8.0.1 i wcześniejsze.

    Nie ma jeszcze CVE i producent nie wydał pełnego komunikatu, ale wygląda na to, że po cichu załatał błąd w 8.0.2. Co ciekawe, PoC na tę lukę został opublikowany już 6 października przez firmę Defused, po tym jak wykryli atak w swoim honeypocie.
    Krótko mówiąc, załatajcie się, a jak nie możecie, ściągnijcie webinterfejs WAF-a z internetu. Albo postawcie przed nim innego WAF-a ;P

    #Fortinet #Fortiweb #WAF

    niebezpiecznik.pl/post/krytycz

  9. Better late than never — we’ve just published the July Vulnerability Report.

    👉 vulnerability-lookup.org/2025/

    📌 Key highlights:

    The most reported vulnerability this month is CVE-2025-53770, a critical flaw in #Microsoft SharePoint Enterprise Server 2016, with more than 400 sightings.

    Other high-impact issues include CVE-2025-5777 (#NetScaler ADC) and CVE-2025-25257 (#Fortinet #FortiWeb.

    #VulnerabilityLookup #CyberSecurity

  10. Better late than never — we’ve just published the July Vulnerability Report.

    👉 vulnerability-lookup.org/2025/

    📌 Key highlights:

    The most reported vulnerability this month is CVE-2025-53770, a critical flaw in #Microsoft SharePoint Enterprise Server 2016, with more than 400 sightings.

    Other high-impact issues include CVE-2025-5777 (#NetScaler ADC) and CVE-2025-25257 (#Fortinet #FortiWeb.

    #VulnerabilityLookup #CyberSecurity

  11. Straight and to the point, very cool #bug 🪲

    FortMajeure: Authentication Bypass in #FortiWeb (CVE-2025-52970)

    pwner.gg/blog/2025-08-13-forti

  12. Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and collaborative cybersecurity.

    For more information, visit crowdsec.net

    Want to stay ahead of the latest cyber threats? Get our weekly Threat Alert delivered straight to your inbox, along with critical threat updates and trending cybersecurity insights.

    📩 Sign up now for exclusive access: contact.crowdsec.net/threat-al

    🧵6/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  13. Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and collaborative cybersecurity.

    For more information, visit crowdsec.net

    Want to stay ahead of the latest cyber threats? Get our weekly Threat Alert delivered straight to your inbox, along with critical threat updates and trending cybersecurity insights.

    📩 Sign up now for exclusive access: contact.crowdsec.net/threat-al

    🧵6/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  14. Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and collaborative cybersecurity.

    For more information, visit crowdsec.net

    Want to stay ahead of the latest cyber threats? Get our weekly Threat Alert delivered straight to your inbox, along with critical threat updates and trending cybersecurity insights.

    📩 Sign up now for exclusive access: contact.crowdsec.net/threat-al

    🧵6/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  15. 🛡️ How to protect your systems:
    🔹 Patch: Patch your FortiWeb instance if it is publicly exposed; otherwise, remove outside access to the affected admin panel.
    🔹 Preemptive blocking: Use Crowdsec CTI to block IPs exploiting CVE-2025-25257 👉 app.crowdsec.net/cti?q=cves%3A
    🔹 Stay proactive: Install the Crowdsec Web Application Firewall to stay ahead of exploit attempts, with 100+ virtual patching rules available. 👉 doc.crowdsec.net/docs/next/app

    🧵5/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  16. 🛡️ How to protect your systems:
    🔹 Patch: Patch your FortiWeb instance if it is publicly exposed; otherwise, remove outside access to the affected admin panel.
    🔹 Preemptive blocking: Use Crowdsec CTI to block IPs exploiting CVE-2025-25257 👉 app.crowdsec.net/cti?q=cves%3A
    🔹 Stay proactive: Install the Crowdsec Web Application Firewall to stay ahead of exploit attempts, with 100+ virtual patching rules available. 👉 doc.crowdsec.net/docs/next/app

    🧵5/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  17. 🛡️ How to protect your systems:
    🔹 Patch: Patch your FortiWeb instance if it is publicly exposed; otherwise, remove outside access to the affected admin panel.
    🔹 Preemptive blocking: Use Crowdsec CTI to block IPs exploiting CVE-2025-25257 👉 app.crowdsec.net/cti?q=cves%3A
    🔹 Stay proactive: Install the Crowdsec Web Application Firewall to stay ahead of exploit attempts, with 100+ virtual patching rules available. 👉 doc.crowdsec.net/docs/next/app

    🧵5/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  18. 📈 Trend analysis:
    🔹 CrowdSec detected the first in-the-wild exploitation of this vulnerability on July 11th, shortly after we rolled out detection rules. Using our wayback tools, we were able to establish that there were no exploitation attempts before July 11th, confirming once again that public exploits are a key driver of vulnerability weaponization.
    🔹 For CVE-2025-25257, CrowdSec has observed about 40 distinct IPs producing about 500 attack events in total. Most of these attacks occurred on Friday, July 11th, the day the exploit was publicized. The attacks on Friday were mainly due to a presumably coordinated attacker spinning up a bunch of machines on Scaleway cloud to use in a broad scanning campaign. Over the weekend, the exploit quickly lost popularity. This might be due to the fact that the exploit requires the Fabric Connector administrative interface to be publicly accessible, which is somewhat unlikely. While we cannot make predictions, CrowdSec expects exploitation signals to pick up slightly this week as vulnerability scanners start looking for vulnerable devices. However, we don’t expect the attacker volume for this vulnerability to reach that of other Fortinet-related CVEs.

    🧵4/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  19. 📈 Trend analysis:
    🔹 CrowdSec detected the first in-the-wild exploitation of this vulnerability on July 11th, shortly after we rolled out detection rules. Using our wayback tools, we were able to establish that there were no exploitation attempts before July 11th, confirming once again that public exploits are a key driver of vulnerability weaponization.
    🔹 For CVE-2025-25257, CrowdSec has observed about 40 distinct IPs producing about 500 attack events in total. Most of these attacks occurred on Friday, July 11th, the day the exploit was publicized. The attacks on Friday were mainly due to a presumably coordinated attacker spinning up a bunch of machines on Scaleway cloud to use in a broad scanning campaign. Over the weekend, the exploit quickly lost popularity. This might be due to the fact that the exploit requires the Fabric Connector administrative interface to be publicly accessible, which is somewhat unlikely. While we cannot make predictions, CrowdSec expects exploitation signals to pick up slightly this week as vulnerability scanners start looking for vulnerable devices. However, we don’t expect the attacker volume for this vulnerability to reach that of other Fortinet-related CVEs.

    🧵4/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  20. 📈 Trend analysis:
    🔹 CrowdSec detected the first in-the-wild exploitation of this vulnerability on July 11th, shortly after we rolled out detection rules. Using our wayback tools, we were able to establish that there were no exploitation attempts before July 11th, confirming once again that public exploits are a key driver of vulnerability weaponization.
    🔹 For CVE-2025-25257, CrowdSec has observed about 40 distinct IPs producing about 500 attack events in total. Most of these attacks occurred on Friday, July 11th, the day the exploit was publicized. The attacks on Friday were mainly due to a presumably coordinated attacker spinning up a bunch of machines on Scaleway cloud to use in a broad scanning campaign. Over the weekend, the exploit quickly lost popularity. This might be due to the fact that the exploit requires the Fabric Connector administrative interface to be publicly accessible, which is somewhat unlikely. While we cannot make predictions, CrowdSec expects exploitation signals to pick up slightly this week as vulnerability scanners start looking for vulnerable devices. However, we don’t expect the attacker volume for this vulnerability to reach that of other Fortinet-related CVEs.

    🧵4/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  21. 🛠️ About the exploit:
    🔹 The Fortinet FortiWeb Fabric Connector is an integration component designed to enhance application security by linking FortiWeb web application firewalls (WAFs) with other elements of the Fortinet Security Stack. It enables policy enforcement and automated threat response by leveraging intelligence gathered from FortiGate firewalls, FortiSandbox, FortiAnalyzer, and other “Fabric-enabled” devices. It is in some sense a glue product that holds an array of different Fortinet products together.
    🔹 The vulnerability allows unauthenticated attackers to execute arbitrary SQL statements against the MySQL database connected to Fabric Connector. As this database runs as root per default, this attack can be chained to run arbitrary Python code on the affected machine, allowing attackers to further compromise the system. The vulnerability affects various FortiWeb versions from 7.0 to 7.6. As a workaround, the vendor recommends disabling the administrative interface to external visitors.

    🧵3/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  22. 🛠️ About the exploit:
    🔹 The Fortinet FortiWeb Fabric Connector is an integration component designed to enhance application security by linking FortiWeb web application firewalls (WAFs) with other elements of the Fortinet Security Stack. It enables policy enforcement and automated threat response by leveraging intelligence gathered from FortiGate firewalls, FortiSandbox, FortiAnalyzer, and other “Fabric-enabled” devices. It is in some sense a glue product that holds an array of different Fortinet products together.
    🔹 The vulnerability allows unauthenticated attackers to execute arbitrary SQL statements against the MySQL database connected to Fabric Connector. As this database runs as root per default, this attack can be chained to run arbitrary Python code on the affected machine, allowing attackers to further compromise the system. The vulnerability affects various FortiWeb versions from 7.0 to 7.6. As a workaround, the vendor recommends disabling the administrative interface to external visitors.

    🧵3/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  23. 🛠️ About the exploit:
    🔹 The Fortinet FortiWeb Fabric Connector is an integration component designed to enhance application security by linking FortiWeb web application firewalls (WAFs) with other elements of the Fortinet Security Stack. It enables policy enforcement and automated threat response by leveraging intelligence gathered from FortiGate firewalls, FortiSandbox, FortiAnalyzer, and other “Fabric-enabled” devices. It is in some sense a glue product that holds an array of different Fortinet products together.
    🔹 The vulnerability allows unauthenticated attackers to execute arbitrary SQL statements against the MySQL database connected to Fabric Connector. As this database runs as root per default, this attack can be chained to run arbitrary Python code on the affected machine, allowing attackers to further compromise the system. The vulnerability affects various FortiWeb versions from 7.0 to 7.6. As a workaround, the vendor recommends disabling the administrative interface to external visitors.

    🧵3/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  24. ⚠️ Key findings:
    🔹 A new SQL injection vulnerability in a FortiWeb component allows attackers to execute arbitrary code on the affected machine.
    🔹 CrowdSec has been tracking exploitation since the 11th of July 2025.
    🔹 Data from the CrowdSec network indicates that attacker interest in the vulnerability remains very limited.

    🧵2/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  25. ⚠️ Key findings:
    🔹 A new SQL injection vulnerability in a FortiWeb component allows attackers to execute arbitrary code on the affected machine.
    🔹 CrowdSec has been tracking exploitation since the 11th of July 2025.
    🔹 Data from the CrowdSec network indicates that attacker interest in the vulnerability remains very limited.

    🧵2/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  26. ⚠️ Key findings:
    🔹 A new SQL injection vulnerability in a FortiWeb component allows attackers to execute arbitrary code on the affected machine.
    🔹 CrowdSec has been tracking exploitation since the 11th of July 2025.
    🔹 Data from the CrowdSec network indicates that attacker interest in the vulnerability remains very limited.

    🧵2/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  27. 🚨 In this week’s Threat Alert Newsletter: exploitation of CVE-2025-25257 in Fortinet’s FortiWeb Fabric Connector.

    We break down how the exploit works, what CrowdSec sees on the network, and steps to stay protected.

    Read more 👇

    🧵1/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  28. 🚨 In this week’s Threat Alert Newsletter: exploitation of CVE-2025-25257 in Fortinet’s FortiWeb Fabric Connector.

    We break down how the exploit works, what CrowdSec sees on the network, and steps to stay protected.

    Read more 👇

    🧵1/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  29. 🚨 In this week’s Threat Alert Newsletter: exploitation of CVE-2025-25257 in Fortinet’s FortiWeb Fabric Connector.

    We break down how the exploit works, what CrowdSec sees on the network, and steps to stay protected.

    Read more 👇

    🧵1/6

    #CVE202525257 #Fortinet #FortiWeb #CyberSecurity #Infosec #ThreatIntel #CrowdSec

  30. Just Posted: Chris Hildebrandt discusses how Fortinet's FortiWeb Cloud WAF-as-a-Service fortifies API security with machine learning and simplifies SOC operations, providing robust cyber defense for web applications. #CFD18 #Cloud #FortiWEB #Security #Sponsored
    gestaltit.com/sponsored/fortin