CVE ID

CVE-2025-58034

Vulnerability Name

Fortinet FortiWeb OS Command Injection Vulnerability

• Project: Fortinet
• Product: FortiWeb

Date

• Date Added: 2025-11-18
• Due Date: 2025-11-25

Description

Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034

Related Security News

• Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks
• Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
• Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List