{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-58034","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2025-08-22T13:55:12.100Z","datePublished":"2025-11-18T17:01:13.513Z","dateUpdated":"2026-02-26T16:21:13.757Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiWeb","cpes":["cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.6.0","lessThanOrEqual":"7.6.4","status":"affected"},{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.8","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.11","status":"affected"},{"versionType":"semver","version":"7.0.2","lessThanOrEqual":"7.0.11","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-01-14T09:16:02.977Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-25-513","url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-513"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-58034","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-11-19T04:55:37.672981Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2025-11-18","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034","tags":["government-resource"]}],"timeline":[{"time":"2025-11-18T00:00:00.000Z","lang":"en","value":"CVE-2025-58034 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:21:13.757Z"}}]}}