OS Command Injection Vulnerability in Fortinet FortiWeb
CVE-2025-58034

6.7 MEDIUM

Key Information:

Vendor: Fortinet

Status: Vendor

CVE Published: 18 November 2025

Badges

📈 Trended
📈 Score: 5,940
💰 Ransomware
👾 Exploit Exists
🟣 EPSS 51%
🦅 CISA Reported
📰 News Worthy

What is CVE-2025-58034?

CVE-2025-58034 is a vulnerability identified in Fortinet's FortiWeb, a web application firewall designed to protect applications from attacks such as SQL injection and cross-site scripting. Specifically, the vulnerability is an improper neutralization of special elements used in an OS command, commonly known as OS command injection. The flaw is present in several FortiWeb versions and allows an authenticated attacker to execute unauthorized commands on the underlying operating system. If exploited, it could lead to significant risks, including unauthorized access to sensitive data and control over the system.

Potential Impact of CVE-2025-58034

  1. Unauthorized Code Execution: Attackers may gain the ability to execute arbitrary code on the host system, compromising the integrity and confidentiality of the data processed by FortiWeb.

  2. System Compromise: Successful exploitation could lead to a complete takeover of affected systems, enabling attackers to install malware, exfiltrate sensitive information, or pivot to other systems within the network.

  3. Operational Disruption: The vulnerability can potentially disrupt the normal functioning of web applications secured by FortiWeb, leading to service outages, loss of availability, and potentially substantial financial losses for organizations.

CISA has reported CVE-2025-58034

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-58034 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FortiWeb 7.6.0 through 7.6.4

FortiWeb 7.4.0 through 7.4.8

FortiWeb 7.2.0 through 7.2.11

News Articles

Week in review: Stealth-patched FortiWeb vulnerability under active exploitation, Logitech data breach - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The tech that turns supply chains from brittle to

3 weeks ago

Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities

Zero-day vulnerabilities in Fortinet's FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated RCE.

3 weeks ago

Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities

The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet's FortiWeb Web Application Firewall (WAF).

3 weeks ago

EPSS Score

51% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 📰 First article discovered by The Hacker News

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published

  • Vulnerability Reserved
