CVE-2025-58034: 
Fortinet FortiWeb vulnerability analysis and mitigation

An OS Command Injection vulnerability (CVE-2025-58034) was discovered in Fortinet FortiWeb, affecting versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. The vulnerability was disclosed on November 18, 2025, and has been confirmed to be exploited in the wild. This security flaw allows an authenticated attacker to execute unauthorized code on the underlying system through crafted HTTP requests or CLI commands (Fortinet Advisory, CISA Alert).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an OS Command (CWE-78) with a CVSS v3.1 score of 6.7 (Medium severity). The issue requires authentication for exploitation, indicating that attackers need some level of prior access to the system. The vulnerability specifically affects the API and CLI interfaces of FortiWeb, allowing command injection through specially crafted requests (Fortinet Advisory, Hacker News).

Successful exploitation of CVE-2025-58034 enables authenticated attackers to execute unauthorized code on the underlying system, potentially leading to system compromise. The vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog due to its active exploitation in the wild, highlighting its significant security risk (CISA Alert).

Fortinet has released patches for all affected versions and recommends upgrading to the following versions: FortiWeb 8.0.2 or above for 8.0.x, 7.6.6 or above for 7.6.x, 7.4.11 or above for 7.4.x, 7.2.12 or above for 7.2.x, and 7.0.12 or above for 7.0.x. CISA has set a remediation deadline of November 25, 2025, for federal agencies (Fortinet Advisory, CISA Alert).

The security community has shown significant concern about this vulnerability, particularly due to its active exploitation in the wild. The addition to CISA's KEV catalog has elevated its priority for remediation across organizations. Security researchers, including Jason McFadyen from Trend Research, have contributed to the discovery and analysis of this vulnerability (Hacker News).