Exploitation of Fortinet FortiWeb Vulnerability CVE-2025-58034

Advisory addresses a vulnerability that could allow an authenticated attacker to perform remote code execution via crafted HTTP requests or CLI commands

Threat ID:: CC-4720
Threat Severity:: Medium
Published:: 19 November 2025 12:54 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Advisory addresses a vulnerability that could allow an authenticated attacker to perform remote code execution via crafted HTTP requests or CLI commands

Affected platforms

The following platforms are known to be affected:

Fortinet FortiWeb

8.0: all prior to 8.0.2
7.6: all prior to 7.6.6
7.4: all prior to 7.4.11
7.2: all prior to 7.2.12
7.0: all prior to 7.0.12

Threat details

Fortinet has reported exploitation of CVE-2025-58034

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-58034 to their Known Exploited Vulnerabilities (KEV) Catalog. NHS England National CSOC assesses future exploitation as likely.

Introduction

Fortinet has released a security update to address an exploited vulnerability for FortiWeb.

CVE-2025-58034 - "OS Command Injection" Vulnerability - CVSSv3 score: 6.7

Remediation advice

Affected organisations are strongly encouraged to review Fortinet PSIRT advisory FG-IR-25-513 and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://fortiguard.fortinet.com/psirt/FG-IR-25-513

CVE Vulnerabilities

Status Published

CVE-2025-58034

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Last edited: 19 November 2025 12:54 pm