# CISA gives govt agencies 7 days to patch new Fortinet flaw

![](https://www.bleepstatic.com/content/hl-images/2025/01/13/CISA_headpic.jpg)

CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks.

Tracked as , this OS command injection flaw can allow authenticated threat actors to gain code execution in low-complexity attacks that don't require user interaction.

"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands,"  on Tuesday.

The cybersecurity agency  the vulnerability to its  the same day, giving Federal Civilian Executive Branch (FCEB) agencies until Tuesday, November 25th, to secure their systems against attacks as mandated by the Binding Operational Directive (BOD) 22-01.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned.

"With recent and ongoing exploitation events [..], a reduced remediation timeframe of one week is recommended," it added, referring to a second FortiWeb flaw (CVE-2025-64446)  that Fortinet  in late October.

On Friday, CISA also  the CVE-2025-64446 vulnerability to its catalog of actively exploited security flaws, ordering U.S. federal agencies to .

BleepingComputer has reached out to a Fortinet spokesperson with questions about these flaws, but we have yet to receive a response.

In August, Fortinet addressed  (CVE-2025-25256) in its FortiSIEM solution, following a GreyNoise report warning of a  against Fortinet SSL VPNs.

Fortinet vulnerabilities are commonly exploited in  and  . For instance, in February, Fortinet  that a Chinese hacking group tracked as Volt Typhoon  two FortiOS SSL VPN flaws to breach a  using a custom remote access trojan (RAT) called Coathanger.

As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.

This free cheat sheet outlines 7 best practices you can start using today.

	  ****
