Back to KEVs

CVE-2025-58034

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet...

Basic Information

CVE State
PUBLISHED
Reserved Date
August 22, 2025
Published Date
November 18, 2025
Last Updated
February 26, 2026
Vendor
Fortinet
Product
FortiWeb
Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Tags
cisa

CVSS Scores

CVSS v3.1

6.7 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:44:37 UTC) Source

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-513

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:44:37 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel