Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: OS command injection vulnerability in Fortinet FortiWeb, Patch Immediately!
Image
Published : 19/11/2025
* Last update: 26/11/2025
* Affected software: Fortinet FortiWeb
→ • FortiWeb 8.0.0 through 8.0.1
→ • FortiWeb 7.6.0 through 7.6.5
→ • FortiWeb 7.4.0 through 7.4.10
→ • FortiWeb 7.2.0 through 7.2.11
→ • FortiWeb 7.0.0 through 7.0.11* Type:
→ • OS command injection
* CVE/CVSS
→ • CVE-2025-58034: CVSS 7.2 (VSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Sources
PSIRT: - https://fortiguard.fortinet.com/psirt/FG-IR-25-513
Risks
An authenticated attacker may execute unauthorised code on a vulnerable device allowing malicious traffic to bypass the security controls. Users behind the firewall may be more vulnerable to malicious traffic. Attackers can abuse this vulnerability to remove a network defense layer, allowing attackers to more easily attack internal machines. Successful exploitation of this vulnerability can lead to a high impact on the confidentiality, integrity and availability of the device.
UPDATE: 26/11/2025
Threat actors are actively exploiting this vulnerability, on its own as well as in combination with CVE-2025-64446 . Threat actors have been observed exploiting CVE-2025-64446 as an initial access vector and then chain CVE-2025-58034 to escalate privileges on a target system. These vulnerabilities chained together could lead to unauthenticated remote code execution against vulnerable FortiWeb products.
Description
An authenticated attacker can execute unauthorised code on the underlying system via crafted HTTP requests or CLI commands. An exploited WAF can cause malicious traffic to bypass the regular security controls and access internal resources.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
UPDATE: 26/11/2025
If you cannot immediately upgrade the affected systems, disable HTTP or HTTPS for internet-facing interfaces. Note: Limiting access to HTTP/HTTPS management interfaces to internal networks is a best practice that reduces, but does not eliminate, risk; upgrading the affected systems remains essential and is the only way to fully remediate this vulnerability.
After upgrading, review configuration and review logs for unexpected modifications or the addition of unauthorized administrator accounts.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.
References
NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-58034
CISA - https://www.cisa.gov/news-events/alerts/2025/11/14/fortinet-releases-security-advisory-relative-path-traversal-vulnerability-affecting-fortiweb