Warning: OS command injection vulnerability in Fortinet FortiWeb, Patch Immediately!

    * Last update:  19/11/2025
   
    * Affected software: Fortinet FortiWeb
        → • FortiWeb 8.0.0 through 8.0.1
        → • FortiWeb 7.6.0 through 7.6.5
        → • FortiWeb 7.4.0 through 7.4.10
        → • FortiWeb 7.2.0 through 7.2.11
        → • FortiWeb 7.0.0 through 7.0.11

    * Type:
        → • OS command injection
 
    * CVE/CVSS
        → • CVE-2025-58034: CVSS 7.2 (VSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Sources

 
PSIRT: https://fortiguard.fortinet.com/psirt/FG-IR-25-513

Risks

An authenticated attacker may execute unauthorised code on a vulnerable device allowing malicious traffic to bypass the security controls. Users behind the firewall may be more vulnerable to malicious traffic. Attackers can abuse this vulnerability to remove a network defense layer, allowing attackers to more easily attack internal machines. Successful exploitation of this vulnerability can lead to a high impact on the confidentiality, integrity and availability of the device.

Description

An authenticated attacker can execute unauthorised code on the underlying system via crafted HTTP requests or CLI commands. An exploited WAF can cause malicious traffic to bypass the regular security controls and access internal resources.

Recommended Actions

 
Patch 

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
 
Monitor/Detect 

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.

References
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-58034