CVE-2025-58034

Summary

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.6.0 <= 7.6.4affected
FortinetFortiWeb7.4.0 <= 7.4.8affected
FortinetFortiWeb7.2.0 <= 7.2.11affected
FortinetFortiWeb7.0.2 <= 7.0.11affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References