CVE-2025-58034_CVE-2025-58034

6.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Basic Information

ID CVE-2025-58034

Source fortinet

Published Nov 18, 2025 at 17:01

Modified Nov 18, 2025 at 20:41

Affected Product

Vendor Fortinet

Product FortiWeb

Version 7.6.0

Affected Versions Fortinet FortiWeb 7.6.0
Fortinet FortiWeb 7.4.0
Fortinet FortiWeb 7.2.0
Fortinet FortiWeb 7.0.2

CWE Classification

CWE-78

References

fortiguard.fortinet.com /psirt/FG-IR-25-513

{
    "lastseen": "",
    "description": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.",
    "published": "2025-11-18T17:01:13.513Z",
    "modified": "2025-11-18T20:41:31.351Z",
    "type": "cve",
    "title": "CVE-2025-58034",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-513",
    "id": "CVE-2025-58034",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiWeb 7.6.0\nFortinet FortiWeb 7.4.0\nFortinet FortiWeb 7.2.0\nFortinet FortiWeb 7.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiWeb",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}