CVE-2025-58034 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-11-18

Added to CISA KEV: 2025-11-18 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Immediately check for indicators of compromise - review FortiWeb logs for suspicious HTTP requests, unauthorized CLI access, or evidence of command execution. Verify system integrity and check for persistence mechanisms
URGENT: Apply patches immediately - upgrade to FortiWeb 8.0.2+, 7.6.6+, 7.4.11+, 7.2.12+, or 7.0.12+ depending on current version branch
Monitor FortiWeb access logs closely for unusual authentication patterns, failed login attempts, and suspicious HTTP request patterns that could indicate exploitation attempts
PATCH PRIORITY: CRITICAL - This should be treated as emergency patching due to active exploitation and internet-facing nature of the product

🔍 Web Intelligence (Kagi · 2025-11-18)

CVE-2025-58034 is a high-severity OS command injection vulnerability affecting Fortinet FortiWeb ^[2]. Here's what is known about its exploitation:

Affected Applications/Services: The vulnerability affects FortiWeb, a web application firewall designed to protect web applications from various attacks ^[2].
Active Exploitation: It is being actively exploited in attacks ^[3].
Attack Vectors/Exploitation Methods: Authenticated attackers can achieve code execution by exploiting this OS command injection vulnerability through crafted HTTP requests or CLI commands ^[3]^[1]. The attacks are considered low complexity ^[3].
Targeted Attacks: While the provided information confirms active exploitation, it does not specifically detail whether the vulnerability has been used in targeted attacks.
CISA KEV Status: As of November 18, 2025, this CVE is not listed on CISA's Known Exploited Vulnerabilities Catalog.
Technical Details: CVE-2025-58034 involves improper neutralization of special elements used in an OS command, allowing authenticated attackers to execute unauthorized code on the underlying system ^[1].

Fortinet has released security updates to address this zero-day vulnerability ^[3].

Sources

CVE-2025-58034 — Fortiweb | dbugs
Details on CVE-2025-58034: Fortiweb. Includes CVSS score, affected versions, and references.An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 thro…
Fortinet FortiWeb CVE-2025-58034 OS Command Injection – Brief Summary ...
CVE-2025-58034 is a high-severity OS command injection vulnerability in Fortinet FortiWeb, potentially allowing authenticated attackers to run arbitrary commands on the underlying system. FortiWeb is Fortinet's dedicated web application firewall, widely deployed to protect web applications from a ra…
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. Tracked as CVE-2025-58034, this web application ...

🔴 CVE-2025-58034

📋 Vulnerability Details

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-11-18)

Sources