OS Command Injection Vulnerability in Fortinet FortiWeb
CVE-2025-58034

6.7 MEDIUM

Key Information:

Vendor: Fortinet

Status: Vendor

CVE Published: 18 November 2025

Badges

📈 Trended · 📈 Score: 5,940 · 💰 Ransomware · 👾 Exploit Exists · 🟣 EPSS 47% · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2025-58034?

CVE-2025-58034 is a vulnerability identified in Fortinet's FortiWeb, a web application firewall designed to protect applications from attacks such as SQL injection and cross-site scripting. Specifically, this vulnerability is an improper neutralization of input used in an operating-system command, known as OS Command Injection. The flaw is present in several FortiWeb release branches and allows an authenticated attacker to potentially execute unauthorized commands on the underlying operating system. If exploited, this could lead to significant risks, including unauthorized access to sensitive data and control over the system.

Potential Impact of CVE-2025-58034

  1. Unauthorized Code Execution: Attackers may gain the ability to execute arbitrary code on the host system, compromising the integrity and confidentiality of the data processed by FortiWeb.

  2. System Compromise: Successful exploitation could lead to a complete takeover of affected systems, enabling attackers to install malware, exfiltrate sensitive information, or pivot to other systems within the network.

  3. Operational Disruption: The vulnerability can potentially disrupt the normal functioning of web applications secured by FortiWeb, leading to service outages, loss of availability, and potentially substantial financial losses for organizations.

CISA has reported CVE-2025-58034

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-58034 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FortiWeb 7.6.0 through 7.6.4 (inclusive)

FortiWeb 7.4.0 through 7.4.8 (inclusive)

FortiWeb 7.2.0 through 7.2.11 (inclusive)
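The three ranges above are what an inventory check needs. The following is an added example (not Fortinet's tooling or anything from the advisory) that parses a reported FortiWeb version string, tests it against the page's affected ranges, and buckets a fleet accordingly. The hostnames and versions in `SAMPLE_INVENTORY` are constructed; a version that falls outside every listed range is reported as "not listed", which is not the same as confirmed fixed, so the vendor advisory remains the authority on patched builds.

```python
"""Triage FortiWeb versions against the affected ranges listed on this page.

Added example, not Fortinet's code. The ranges below are copied from the
"Affected Version(s)" section; everything else is an assumption of this script.
"""
from __future__ import annotations

import re

# Inclusive (low, high) bounds, taken from the page's Affected Version(s) section.
AFFECTED_RANGES = [
    ("7.6.0", "7.6.4"),
    ("7.4.0", "7.4.8"),
    ("7.2.0", "7.2.11"),
]


def parse_version(text: str) -> tuple[int, ...]:
    """Extract '7.6.4' from strings such as 'FortiWeb 7.6.4' or 'v7.6.4'
    and return it as an integer tuple so that 7.2.11 sorts after 7.2.9."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the version lies inside any listed range (bounds inclusive)."""
    v = parse_version(version)
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by whether their reported version is in an affected range.
    'not_listed' means outside the published ranges, not verified fixed."""
    result: dict[str, list[str]] = {"affected": [], "not_listed": []}
    for host, version in inventory.items():
        bucket = "affected" if is_affected(version) else "not_listed"
        result[bucket].append(host)
    return result


# Constructed sample inventory: hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = {
    "waf-edge-01": "FortiWeb 7.6.3",
    "waf-edge-02": "7.6.5",
    "waf-dc-01": "v7.4.8",
    "waf-lab-01": "7.2.12",
    "waf-legacy-01": "7.0.9",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples rather than strings, which is the usual pitfall in ad-hoc checks (as strings, "7.2.11" sorts before "7.2.9"). Feed `triage` with the version strings your management console or SSH banner collection returns.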

News Articles

Week in review: Stealth-patched FortiWeb vulnerability under active exploitation, Logitech data breach - Help Net Security

Here's an overview of some of last week's most interesting news, articles, interviews and videos: The tech that turns supply chains from brittle to

Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities

Zero-day vulnerabilities in Fortinet's FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated RCE.

Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities

The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet's FortiWeb Web Application Firewall (WAF).

References

EPSS Score

47% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 📰 First article discovered by The Hacker News

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published

  • Vulnerability Reserved
