DEV Community

Cover image for CVE-2025-58034: Fortinet FortiWeb OS Command Injection Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2025-58034: Fortinet FortiWeb OS Command Injection Vulnerability

#fortinet #fortiweb #cybersecurity #vulnerability

CVE ID

CVE-2025-58034

Vulnerability Name

Fortinet FortiWeb OS Command Injection Vulnerability

  • Project: Fortinet
  • Product: FortiWeb

Date

  • Date Added: 2025-11-18
  • Due Date: 2025-11-25

Description

Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)