Fortinet has disclosed a critical OS command injection vulnerability affecting multiple versions of FortiWeb that is currently being exploited in the wild.
The flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute unauthorized code on vulnerable systems through specially crafted HTTP requests or command-line interface commands.
| Aspect | Details |
|---|---|
| CVE ID | CVE-2025-58034 |
| Vulnerability Type | OS Command Injection (CWE-78) |
| CVSS Score | 6.7 (Medium) |
| Impact | Execute unauthorized code or commands |
Active Exploitation Confirmed
The vulnerability poses a significant security risk, as Fortinet has confirmed active exploitation attempts in real-world environments.
Organizations running affected FortiWeb versions should prioritize immediate patching to prevent potential compromise.
The flaw stems from improper neutralization of special elements used in operating system commands, classified under CWE-78, a known attack vector for bypassing security controls and gaining unauthorized system access.
The command injection vulnerability requires an authenticated attacker with elevated privileges to exploit, meaning attackers must first obtain valid credentials or authentication tokens.
However, once authenticated, the flaw provides a direct path to executing arbitrary code on the underlying operating system, potentially leading to complete system compromise, data theft, or lateral movement within enterprise networks.
Fortinet has released patched versions for all affected FortiWeb releases. Organizations should immediately upgrade to the following minimum versions:
- FortiWeb 8.0: Upgrade to version 8.0.2 or later
- FortiWeb 7.6: Upgrade to version 7.6.6 or later
- FortiWeb 7.4: Upgrade to version 7.4.11 or later
- FortiWeb 7.2: Upgrade to version 7.2.12 or later
- FortiWeb 7.0: Upgrade to version 7.0.12 or later
The vulnerability carries a CVSS v3.1 score of 6.7, classified as medium severity, though its active exploitation and code-execution capabilities make this a high-priority issue for organizations operating FortiWeb deployments.
The score reflects the attack’s requirements for authentication and specific conditions, but the impact remains severe.
Security researcher Jason McFadyen from Trend Micro’s Trend Research team responsibly disclosed this vulnerability to Fortinet, allowing the company to develop and test patches before public notification.
Fortinet published the advisory on November 18, 2025, assigning it the internal reference number FG-IR-25-513.
Organizations should conduct an immediate inventory of FortiWeb deployments and their current versions.
IT teams should prioritize testing patches in non-production environments before deploying to live systems.
For those unable to patch immediately, network administrators should implement additional access controls restricting authenticated access to FortiWeb systems and monitor for suspicious command execution patterns.
Fortinet has provided comprehensive vulnerability documentation, including CVRF and CSAF files, for integration into security tools and vulnerability management platforms.
Security teams should review logs for potential exploitation attempts and verify the integrity of systems that may be affected by this vulnerability.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.