
CISA gives govt agencies 7 days to patch new Fortinet flaw

CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks.

The new flaw is an OS command injection bug that can allow authenticated threat actors to gain code execution in low-complexity attacks that don't require user interaction.

"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands," Fortinet said in an advisory on Tuesday.
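The advisory quoted above describes a CWE-78 OS command injection: request input reaches a shell command line without the special characters being neutralized. What follows is an added illustration of that bug class, written for this page in Python; it is not FortiWeb code and says nothing about how the FortiWeb flaw itself is triggered. The `resolve_host_*` handlers, the `echo`-based command they wrap and the payload string are all hypothetical, chosen so the example runs offline on any POSIX system and shows the three controls a reviewer looks for: no shell, quoting when a shell is unavoidable, and allowlist validation.

```python
import re
import shlex
import subprocess

# Allowlist for the one input this handler accepts: a DNS hostname.
# Hypothetical policy for this example; shell metacharacters (; | & $ ` and
# whitespace) can never match it.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def resolve_host_vulnerable(host: str) -> str:
    """CWE-78: request input is concatenated into a shell command line.

    `echo` stands in for whatever tool a real handler would call; it is the
    shell, not echo, that makes `host` dangerous, because `;` ends the
    intended command and starts an attacker-chosen one.
    """
    cmd = f"echo resolving {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def resolve_host_argv(host: str) -> str:
    """Mitigation 1: no shell at all.

    Passing an argv list bypasses /bin/sh, so `;`, `|`, `$(...)` and backticks
    reach the program as literal bytes inside a single argument.
    """
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


def resolve_host_quoted(host: str) -> str:
    """Mitigation 2 (when a shell is unavoidable): quote every interpolated value.

    shlex.quote() wraps the value in single quotes and escapes any embedded
    single quote, so the shell parses it as exactly one word.
    """
    cmd = f"echo resolving {shlex.quote(host)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def resolve_host_hardened(host: str) -> str:
    """Mitigation 3: allowlist validation plus argv execution.

    Validation is also what stops argument injection (a value such as "-n"
    that the invoked program would treat as an option), which an argv list
    on its own does not prevent.
    """
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed payload: a plausible hostname followed by an injected command.
    payload = "example.com; echo INJECTED"
    print("vulnerable:", repr(resolve_host_vulnerable(payload)))
    print("argv only: ", repr(resolve_host_argv(payload)))
    print("quoted:    ", repr(resolve_host_quoted(payload)))
    try:
        resolve_host_hardened(payload)
    except ValueError as exc:
        print("hardened:  ", exc)
    print("hardened:  ", repr(resolve_host_hardened("example.com")))
```

Run as a script, the vulnerable handler returns two lines (the injected `INJECTED` proves the second command executed), while the argv and quoted variants return the whole payload as one inert string and the hardened variant rejects it before any process is spawned. The same pattern applies to the "CLI commands" path the advisory mentions: a management CLI that hands operator input to a shell is command-injectable in exactly the same way as an HTTP handler.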

The cybersecurity agency added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog the same day, giving Federal Civilian Executive Branch (FCEB) agencies until Tuesday, November 25th, to secure their systems against attacks, as mandated by Binding Operational Directive (BOD) 22-01.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned.

"With recent and ongoing exploitation events [..], a reduced remediation timeframe of one week is recommended," it added, referring to a second FortiWeb flaw (CVE-2025-64446) that Fortinet patched in late October.

On Friday, CISA also added the CVE-2025-64446 vulnerability to its catalog of actively exploited security flaws, ordering U.S. federal agencies to patch it.

BleepingComputer has reached out to a Fortinet spokesperson with questions about these flaws, but we have yet to receive a response.

In August, Fortinet addressed a vulnerability (CVE-2025-25256) in its FortiSIEM solution, following a GreyNoise report warning of attacks against Fortinet SSL VPNs.

Fortinet vulnerabilities are commonly exploited in real-world attacks. For instance, in February, Fortinet said that a Chinese hacking group tracked as Volt Typhoon exploited two FortiOS SSL VPN flaws to breach a network using a custom remote access trojan (RAT) called Coathanger.


FPT Metrodata Indonesia Cyber Security
FPT Metrodata Indonesia (FMI) provides news, analysis & guides on cybersecurity and threat intelligence for Indonesia & Vietnam. Visit https://news.fmisec.com. FMI: https://fmisec.com