← Voltar para CVEs
CVE-2025-58034
HIGHCISA KEV7.2
Descricao
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado11/18/2025
Ultima modificacao11/21/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorFortinet
ProdutoFortiWeb
Nome da vulnerabilidadeFortinet FortiWeb OS Command Injection Vulnerability
Data inclusao KEV2025-11-18
Prazo de remediacao2025-11-25
Uso em ransomwareUnknown
Produtos afetados
fortinet:fortiweb
Fraquezas (CWE)
CWE-78
Referencias
https://fortiguard.fortinet.com/psirt/FG-IR-25-513(psirt@fortinet.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58034(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.