CVE-2025-58034 · HIGH 7.2 · CISA KEV · EPSS p98.9%

CVE-2025-58034: Fortinet FortiWeb OS Command Injection Vulnerability

Fortinet / FortiWeb

Description

Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Scoring

CVSS 3.1: 7.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 54.38% probability of exploitation · percentile 98.9% · 2026-06-18T12:00:27Z
Published: 2025-11-18
Last modified: 2025-11-21

CISA KEV entry

Added to KEV: 2025-11-18

Underlying weaknesses · 1

CWE-78

References

  1. https://fortiguard.fortinet.com/psirt/FG-IR-25-513
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Fortinet FortiWeb OS Command Injection Vulnerability (kev-cve-2025-58034) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: Fortinet FortiWeb SQL Injection Vulnerability
  2. CVE: CVE-2025-53679
  3. CVE: Fortinet FortiWeb Path Traversal Vulnerability
  4. CVE: CVE-2026-25089
  5. CVE: CVE-2025-25256
  6. CVE: Fortinet FortiOS Out-of-Bound Write Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.