CVE-2025-58034
Fortinet FortiWeb OS Command Injection Vulnerability - [Actively Exploited]
Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. Note the precondition: the attacker already holds valid credentials for the appliance, so exposure of the management interface and the integrity of administrator accounts determine how reachable this is in practice.
INFO
Published Date: Nov. 18, 2025, 5:16 p.m.
Last Modified: Nov. 21, 2025, 6:27 p.m.
Remotely Exploitable: Yes
Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Required action: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The KEV entry was added on 2025-11-18 with a due date of 2025-11-25.
- https://fortiguard.fortinet.com/psirt/FG-IR-25-513
- https://nvd.nist.gov/vuln/detail/CVE-2025-58034
CVSS Scores
| Version | Severity | Vector | Source |
|---|---|---|---|
| CVSS 3.1 | MEDIUM | (not captured) | 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 |
| CVSS 3.1 | HIGH | (not captured) | [email protected] |

The numeric scores, vectors and sub-scores were not captured in this table. The change history below records the vector submitted when the CVE was received, AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, which computes to a 7.2 (High) CVSS 3.1 base score: network-reachable, low attack complexity and full confidentiality/integrity/availability impact, but PR:H because a privileged authenticated account is required. That privilege requirement is the only thing holding the rating below Critical, which matters once an authentication bypass is available to chain in front of it.
Solution
- Update FortiWeb to a fixed release: 8.0.2, 7.6.6, 7.4.11, 7.2.12 or 7.0.12, or later in the same branch (these are the first versions excluded from the NVD affected ranges recorded in the change history below).
- Apply vendor patches or updates per Fortinet advisory FG-IR-25-513; the CISA KEV entry sets a remediation due date of 2025-11-25.
- Until patched, restrict access to the management interface and CLI to trusted administrative networks. Because exploitation requires an authenticated account, also review administrator accounts and credentials for unexpected additions or changes.
- Validate all user input before it reaches an OS command. This is the vendor-side fix for CWE-78 and is delivered by the patched releases; it is not something operators can apply on their own, so it does not substitute for upgrading.
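Deciding whether a given appliance falls inside the affected ranges is the first step of the remediation above. The following version check is an added example, not code from this page, NVD or Fortinet; it encodes the five CPE ranges recorded in the NVD change history below ('versions from (including) A up to (excluding) B'), so the exclusive upper bound of each branch is its first fixed release. The `Version:` status-line format in the sample is an assumption, and a version that falls in no range is reported as unlisted rather than as safe.

```python
"""Check a FortiWeb version string against the affected ranges for CVE-2025-58034.

Added example; not code from this page, NVD or Fortinet. The five ranges are
the CPE applicability statements recorded in the NVD change history, so the
exclusive upper bound of each branch is its first fixed release.
"""
import re

# (branch, first affected, first fixed) per the NVD CPE configuration
AFFECTED_RANGES = [
    ("7.0", (7, 0, 0), (7, 0, 12)),
    ("7.2", (7, 2, 0), (7, 2, 12)),
    ("7.4", (7, 4, 0), (7, 4, 11)),
    ("7.6", (7, 6, 0), (7, 6, 6)),
    ("8.0", (8, 0, 0), (8, 0, 2)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first major.minor.patch triple from a string.

    Accepts bare '7.6.3', 'v7.6.3' or a longer string such as a CLI status
    line; anything without an X.Y.Z triple raises ValueError.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no X.Y.Z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(version_text):
    """Return (affected, first_fixed) for a FortiWeb version.

    first_fixed is the first patched release of the same branch as a string,
    or None when the version is inside no listed range. None does not mean
    'safe': a branch absent from the CPE set (for example an end-of-life
    release line) is simply not covered by the NVD configuration.
    """
    v = parse_version(version_text)
    for _branch, low, fixed in AFFECTED_RANGES:
        if low <= v < fixed:
            return True, ".".join(str(n) for n in fixed)
    return False, None


def assess_status_output(status_text):
    """Run assess() over the 'Version:' line of CLI status output.

    The input format is an assumption for illustration; only the first line
    that starts with 'Version' is consulted.
    """
    for line in status_text.splitlines():
        if line.strip().lower().startswith("version"):
            return assess(line)
    raise ValueError("no Version line in status output")


if __name__ == "__main__":
    # Constructed sample, not real appliance output.
    sample = "Version: FortiWeb-VM 7.6.5,build0000\nSerial-Number: FVVM000000000000\n"
    affected, fixed = assess_status_output(sample)
    print(f"affected={affected} upgrade_to={fixed}")
```

Feed it the version strings from an inventory or the status output of each appliance; anything reported `affected=True` should be upgraded to at least the returned release, and anything reported unlisted should be checked against the vendor advisory rather than assumed clean.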
Public PoC/Exploit Available at Github
CVE-2025-58034 has 6 public PoC/exploit repositories available on GitHub. Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-58034.
| URL | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-25-513 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-58034 is associated with the following CWEs:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
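CWE-78, as named in the description above and in this CWE section, is the pattern of splicing attacker-controlled input into a command that a shell interprets. The following is an added example of that weakness class and its usual fix, side by side; it is not FortiWeb code and is not derived from the advisory or any PoC. The ping-style diagnostic, its `host` parameter, the allowlist regex and the `echo` stand-in used to run it offline are all assumptions chosen to illustrate the class, not the real flaw.

```python
"""CWE-78 in miniature: a diagnostic handler that builds an OS command from
request input, in its injectable form and in a hardened form side by side.

Added example; not FortiWeb code and not taken from the advisory or any
PoC. The ping-style diagnostic, its 'host' parameter and the allowlist are
assumptions chosen to illustrate the weakness class, not the real flaw.
"""
import re
import subprocess

# Command the handler wraps (assumption). Callers may pass a harmless
# prefix such as ["echo", "ping"] so the example runs without network access.
DIAG_COMMAND = ["ping", "-c", "1"]


def run_unsafe(host, cmd_prefix=DIAG_COMMAND):
    """Vulnerable: the request value is spliced into a shell command line.

    A value such as '127.0.0.1; id' terminates the ping command and starts a
    second one; /bin/sh runs both with the service's privileges.
    """
    command = " ".join(cmd_prefix) + " " + host
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout


# Hostname or dotted IPv4 only: must start alphanumeric (so it cannot be
# parsed as an option like '-f'), no shell metacharacters, bounded length.
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-]{0,252}$")


def accepts(host):
    """Allowlist decision used by the hardened handler."""
    return _HOST_RE.match(host) is not None


def run_safe(host, cmd_prefix=DIAG_COMMAND):
    """Hardened: allowlist the value, then pass it as a single argv element.

    With shell=False no shell parses the string, so a metacharacter that
    somehow passed the allowlist would reach the program as a literal
    argument rather than as command syntax.
    """
    if not accepts(host):
        raise ValueError(f"rejected host argument: {host!r}")
    argv = list(cmd_prefix) + [host]
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    # Constructed inputs; 'echo' stands in for the real diagnostic binary.
    harmless = ["echo", "ping"]
    print(run_unsafe("127.0.0.1; echo INJECTED", harmless), end="")
    try:
        run_safe("127.0.0.1; echo INJECTED", harmless)
    except ValueError as err:
        print(err)
    print(run_safe("127.0.0.1", harmless), end="")
```

Two layers are deliberate: the allowlist rejects both shell metacharacters and option-looking values (argument injection is the sibling failure that escaping alone misses), and dropping `shell=True` means a bypass of the allowlist still does not hand the attacker a shell parser.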
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-58034 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts published on GitHub (sorted by most recently updated). Only the description, topics and language of each repository are shown.
- (no description) - topics: CVE-2025-58034 - Python
- FortiWeb Remote Code Execution (RCE) Exploit via CVE-2025-64446 + CVE-2025-58034 Chain - topics: cve-2025-64446, fortinet-vul, fortiweb-authbypass, cve-2025-58034 - Python
- (no description) - Python
- Crawls secwiki and xuanwu.github.io/sec.today, analyses security-information sites and security trends, and extracts security researchers' accounts (Twitter, WeChat, GitHub, etc.) - Python, HTML
Results are limited to the first 15 repositories due to potential performance issues.
Two cautions when reading this list: the second entry is described by its own topics as a chain with CVE-2025-64446, a FortiWeb authentication bypass, which is exactly the precondition (PR:H, authenticated attacker) that keeps CVE-2025-58034 on its own below Critical; and the last entry is a general security-news crawler, not an exploit. Treat any of these repositories as untrusted code and run them only in an isolated lab.
The following list records the changes that have been made to the CVE-2025-58034 entry over time, newest first.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Modified Analysis by [email protected], Nov. 21, 2025: no field changes listed.
- CVE Modified by [email protected], Nov. 20, 2025
  - Changed Description: the word "vulnerability" was inserted after "[CWE-78]"; the text is otherwise unchanged. Old: "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands." New: "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands."
- Initial Analysis by [email protected], Nov. 19, 2025
  - Added CPE Configuration (OR):
    - cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12
    - cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (excluding) 7.2.12
    - cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.11
    - cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (excluding) 7.6.6
    - cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.0.2
  - Added Reference Type: Fortinet, Inc.: https://fortiguard.fortinet.com/psirt/FG-IR-25-513 (Types: Vendor Advisory)
  - Added Reference Type: CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034 (Types: US Government Resource)
- CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725, Nov. 19, 2025
  - Added Date Added: 2025-11-18
  - Added Due Date: 2025-11-25
  - Added Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  - Added Vulnerability Name: Fortinet FortiWeb OS Command Injection Vulnerability
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, Nov. 18, 2025
  - Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034
- New CVE Received by [email protected], Nov. 18, 2025
  - Added Description: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
  - Added CVSS V3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  - Added CWE: CWE-78
  - Added Reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-513