Full Report
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
Analysis Summary
# Vulnerability: FortiWeb OS Command Injection Flaw
## CVE Details
- CVE ID: CVE-2025-58034
- CVSS Score: 6.7 (Medium)
- CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))
## Affected Systems
- Products: FortiWeb
- Versions:
- 8.0.0 through 8.0.1 (Fixed in 8.0.2 or above)
- 7.6.0 through 7.6.5 (Fixed in 7.6.6 or above)
- 7.4.0 through 7.4.10 (Fixed in 7.4.11 or above)
- 7.2.0 through 7.2.11 (Fixed in 7.2.12 or above)
- 7.0.0 through 7.0.11 (Fixed in 7.0.12 or above)
- Configurations: Requires the attacker to be authenticated.
## Vulnerability Description
The vulnerability is an OS Command Injection flaw in FortiWeb due to improper neutralization of special elements used in system commands. This flaw may allow an authenticated attacker, via specially crafted HTTP requests or CLI commands, to execute unauthorized operating system commands on the underlying system. Successful exploitation requires the attacker to already possess valid authentication credentials.
## Exploitation
- Status: Exploited in the wild
- Complexity: Not explicitly stated, but chaining with successful authentication suggests medium or higher initial complexity depending on the specific workflow.
- Attack Vector: Network (via HTTP requests or CLI commands)
## Impact
- Confidentiality: Likely High (OS Command execution often leads to unauthorized access/data disclosure)
- Integrity: Likely High (Ability to execute arbitrary code generally compromises system integrity)
- Availability: Likely High (Arbitrary code execution can lead to denial of service or system instability)
*Note: Specific impact levels were inferred based on the nature of OS Command Injection when coupled with root access capabilities.*
## Remediation
### Patches
- Upgrade FortiWeb to:
- 8.0.2 or above
- 7.6.6 or above
- 7.4.11 or above
- 7.2.12 or above
- 7.0.12 or above
### Workarounds
- No specific workarounds were detailed in the provided context. The primary mitigation is patching.
## Detection
- Detection methods and tools are not explicitly detailed in the summary. Given the nature of the exploit:
- Monitor network traffic (HTTP requests) and CLI command inputs for anomalous characters or shell metacharacters indicative of command injection attempts, specifically targeting authenticated sessions.
- Review system logs for unexpected or unauthorized processes launched by the FortiWeb application.
## References
- Vendor Advisory: fortiguard dot fortinet dot com / psirt / FG-IR-25-513