← Zuruck zu CVEs
CVE-2025-58034
HIGHCISA KEV7.2
Beschreibung
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
CVE Details
CVSS v3.1 Bewertung7.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht11/18/2025
Zuletzt geandert11/21/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerFortinet
ProduktFortiWeb
SchwachstellennameFortinet FortiWeb OS Command Injection Vulnerability
KEV Aufnahmedatum2025-11-18
Behebungsfrist2025-11-25
Ransomware-NutzungUnknown
Betroffene Produkte
fortinet:fortiweb
Schwachen (CWE)
CWE-78
Referenzen
https://fortiguard.fortinet.com/psirt/FG-IR-25-513(psirt@fortinet.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.