FortiWeb Sliver C2 Compromise

FortiWeb Sliver C2 Compromise image
You are here:
  1. Home
  2. Threat Advisory
  3. FortiWeb Sliver C2 Compromise

EXECUTIVE SUMMARY

Attackers exploited outdated FortiWeb appliances to deploy the Sliver C2 framework, gaining persistent, stealthy access to network perimeters. The campaign highlights a critical visibility gap in edge devices and underscores the need for urgent patching and enhanced monitoring of internet-facing security appliances.

  • Active Region: Asia
  • Affected Sector: Government, Financial Services, Enterprises
  • Affected Product: Fortinet FortiWeb Web Application Firewall
  • Severity: High
  • Published Date: January 05, 2026

TECHNICAL DETAILS

  • Target: Internet-facing Fortinet FortiWeb Web Application Firewall appliances, particularly those deployed at network perimeters and protecting critical web applications in government and financial environments.
  • Root Cause: Use of outdated FortiWeb firmware with exploitable public-facing vulnerabilities (including CVE-2025-55182), combined with limited security visibility and lack of endpoint monitoring on edge appliances.
  • Prerequistic For Exploitation: Internet-exposed FortiWeb appliances……

Read Full Report Here!

Download the Report

Date

Share

Previous Reports

Voicemail-Based Remote Access Attack image

Voicemail-Based Remote Access Attack

APT28 Exploiting Microsoft Office RTF image

APT28 Exploiting Microsoft Office RTFZero-Day

macOS RCE via Google Ads Malvertising image

macOS RCE via Google Ads Malvertising