CVE-2025-58034
published 2025-11-18


Priority: P1 · 87 · high
CVSS 3.1: 7.2 (AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H)
Tags: KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability, due 2025-11-25
Exploited in the wild
EPSS: 54.38% (98.9th percentile)
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, and FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Affected

12 ranges

Vendor   | Product                                      | Version range      | Fixed in
fortinet | fortinet                                     |                    |
fortinet | fortiweb                                     |                    |
fortinet | fortiweb                                     | >= 7.0.0 < 7.0.12  | 7.0.12
fortinet | fortiweb                                     | 7.0.2 – 7.0.11     |
fortinet | fortiweb                                     | >= 7.2.0 < 7.2.12  | 7.2.12
fortinet | fortiweb                                     | 7.2.0 – 7.2.11     |
fortinet | fortiweb                                     | >= 7.4.0 < 7.4.11  | 7.4.11
fortinet | fortiweb                                     | 7.4.0 – 7.4.8      |
fortinet | fortiweb                                     | >= 7.6.0 < 7.6.6   | 7.6.6
fortinet | fortiweb                                     | 7.6.0 – 7.6.4      |
fortinet | fortiweb                                     | >= 8.0.0 < 8.0.2   | 8.0.2
msrc     | cbl2_kernel_5.15.176.3-3_on_cbl_mariner_2.0  |                    |

Detection & IOCs (extracted from sources)

other: policy_scripting_post_handler
sigma: Fortinet FortiWeb Command Injection (CVE-2025-58034)
  • Trend Micro observed approximately 2000 in-the-wild detections of active exploitation; monitor FortiWeb devices for unexpected code execution or OS command activity originating from authenticated HTTP requests or CLI commands.
  • Exploitation allows code execution as root via crafted HTTP requests or CLI commands; alert on unexpected root-level process spawning from FortiWeb web service processes.
  • CISA added CVE-2025-58034 to its Known Exploited Vulnerabilities Catalog; FCEB agencies were mandated to patch by November 25, 2025 under BOD 22-01.

CVSS provenance

Source      | Version | Score | Severity | Vector
nvd         | v3.1    | 7.2   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vulncheck   |         | 7.2   | HIGH     |
cisa        |         | 7.2   | HIGH     |
vendor_msrc |         | 7.8   | HIGH     |