Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
Summary
Fortinet has issued a warning regarding a medium-severity vulnerability in FortiWeb, tracked as CVE-2025-58034, which has been actively exploited in the wild. The flaw, categorized as an OS Command Injection vulnerability, could allow authenticated attackers to execute arbitrary commands on affected systems.
Original Article Summary
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
Impact
FortiWeb
In the Wild
Yes
Timeline
Newly disclosed
Remediation
Fortinet recommends that users apply available security patches and updates for FortiWeb to mitigate the risk associated with this vulnerability. Users should also review their authentication mechanisms and limit access to FortiWeb to trusted users only.