CVE-2025-58034 - Fortinet FortiWeb
AI Vulnerability ContextAn Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI...
Overview
A source-backed snapshot of this vulnerability.
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2025-58034
- Vendor/project
- Fortinet
- Product
- FortiWeb
- Vulnerability name
- Fortinet FortiWeb OS Command Injection Vulnerability
- Date added
- 2025-11-18
- Due date
- 2025-11-25
- Known ransomware campaign use
- Unknown
- CVSS v3
- 7.2
Exploit context
What the vulnerability is about.
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
