Bright Nexus

Published on November 19, 2025

New FortiWeb 0-Day Code Execution Flaw Actively Exploited

Subject
New FortiWeb 0-Day Code Execution Flaw Actively Exploited

Severity

Medium

Detail

Fortinet has released a new security advisory addressing a critical OS command injection vulnerability impacting multiple FortiWeb versions. The flaw, tracked as CVE-2025-58034, has been confirmed to be actively exploited in real-world attacks.

The vulnerability allows authenticated attackers to execute unauthorized commands on affected systems through specially crafted HTTP requests or through FortiWeb’s command-line interface. The issue results from improper neutralization of special elements in OS commands, aligning with CWE-78.

CVE Number Description CVSS Score (Severity)
CVE-2025-58034An OS command injection flaw caused by improper neutralization of special characters (CWE-78). Exploitable by authenticated attackers to run arbitrary commands.6.7 (Medium)

Although the CVSS score reflects medium severity due to authentication requirements, Fortinet has confirmed active exploitation, making this a high-priority issue for organizations.

Once authenticated, an attacker with elevated privileges could execute arbitrary code on the underlying operating system, potentially leading to full system compromise, data exfiltration, or lateral movement within enterprise networks.

This vulnerability was responsibly disclosed by Jason McFadyen from Trend Micro’s Trend Research team. Fortinet released the advisory on November 18, 2025, under reference FG-IR-25-513.

Affected Version

All vulnerable FortiWeb versions prior to the following releases are affected. Administrators should upgrade immediately:

  • FortiWeb 8.0 → update to 8.0.2 or later
  • FortiWeb 7.6 → update to 7.6.6 or later
  • FortiWeb 7.4 → update to 7.4.11 or later
  • FortiWeb 7.2 → update to 7.2.12 or later
  • FortiWeb 7.0 → update to 7.0.12 or later

Recommendation

Organizations operating FortiWeb devices should:

  • Apply the latest patches immediately.
  • Conduct inventory checks to confirm affected versions.
  • Test updates in staging environments before production deployment.
  • Restrict authenticated access to FortiWeb systems if patching is delayed.
  • Monitor logs for suspicious command execution behavior.
  • Review Fortinet’s CVRF and CSAF documentation for integration into vulnerability management processes.

Source

https://gbhackers.com/new-fortiweb-0-day-code-execution-flaw

https://fortiguard.fortinet.com/psirt/FG-IR-25-513