CVE-2025-58034
Published: 18 November 2025
Summary
CVE-2025-58034 is a high-severity OS Command Injection (CWE-78) vulnerability in Fortinet Fortiweb. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates OS command injection by requiring validation and sanitization of crafted HTTP requests and CLI commands containing special elements.
Addresses the specific flaw in FortiWeb by requiring timely identification, reporting, and patching of the improper neutralization vulnerability.
Limits the impact of unauthorized code execution by authenticated high-privilege attackers through enforcement of least privilege on the underlying system.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-58034 is an OS command injection in a public-facing FortiWeb appliance, directly enabling exploitation of public-facing applications (T1190) and execution via Unix shell (T1059.004) through crafted HTTP requests or CLI commands.
NVD Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may…
more
allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Deeper analysisAI
CVE-2025-58034 is an Improper Neutralization of Special Elements used in an OS Command, classified as an OS Command Injection vulnerability (CWE-78), affecting multiple versions of Fortinet FortiWeb. The impacted releases include FortiWeb 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. Published on 2025-11-18, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An authenticated attacker with high privileges (PR:H) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and no user interaction required (UI:N). By crafting specific HTTP requests or CLI commands, the attacker may execute unauthorized code on the underlying system, achieving high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U).
Fortinet's PSIRT advisory provides details on mitigation and patches at https://fortiguard.fortinet.com/psirt/FG-IR-25-513. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034, signaling real-world exploitation and urging immediate remediation.
Details
- CWE(s)
- KEV Date Added
- 18 November 2025