PT-2025-47361 · Fortinet · Fortiweb
Published 2025-11-18 · Updated 2025-12-04

CVE-2025-58034

| CVSS v2.0 | Severity | Base vector |
| --- | --- | --- |
| 9.0 | High | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
- Fortinet FortiWeb versions 7.0.0 through 8.0.1
- Fortinet FortiWeb versions 7.2.0 through 7.2.11
- Fortinet FortiWeb versions 7.4.0 through 7.4.10
- Fortinet FortiWeb versions 7.6.0 through 7.6.5
Description
Fortinet FortiWeb is affected by an OS Command Injection vulnerability. Successful exploitation of this issue allows an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. This vulnerability is actively being exploited in the wild. Approximately 10.5K services are currently exposed.
Recommendations
- FortiWeb versions 7.0.0 through 7.0.11 should be updated.
- FortiWeb versions 7.2.0 through 7.2.11 should be updated.
- FortiWeb versions 7.4.0 through 7.4.10 should be updated.
- FortiWeb versions 7.6.0 through 7.6.5 should be updated.
- FortiWeb versions 8.0.0 through 8.0.1 should be updated.

Tags: Fix · RCE · OS Command Injection
Related Identifiers
- BDU:2025-14466
- CVE-2025-58034
- ZDI-25-1014

Affected Products
- Fortiweb
References · 109
- https://fortiguard.fortinet.com/psirt/FG-IR-25-513 · Security Note, Vendor Advisory
- https://zerodayinitiative.com/advisories/ZDI-25-1014 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-58034 · Security Note
- https://bdu.fstec.ru/vul/2025-14466 · Security Note
- https://twitter.com/RigneySec/status/1991006913887433002 · Twitter Post
- https://twitter.com/RedLegg/status/1991269618871136382 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1p4k1tl/top_10_trending_cves_23112025 · Reddit Post
- https://twitter.com/cybernewslive/status/1991356171580580045 · Twitter Post
- https://twitter.com/TweetThreatNews/status/1990910938254356653 · Twitter Post
- https://twitter.com/TheCySecNews/status/1991004149010342153 · Twitter Post
- https://twitter.com/RIPS73R/status/1991493306887418294 · Twitter Post
- https://twitter.com/HunterMapping/status/1991031605276680249 · Twitter Post
- https://twitter.com/TechTrendEcho/status/1991869454116892900 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1p14p4v/top_10_trending_cves_19112025 · Reddit Post
- https://twitter.com/censysio/status/1991625238568632788 · Twitter Post