U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Overview

CISA has added a second Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog within the space of a few days. The flaw, tracked as CVE-2025-58034, is an OS command injection bug with a CVSS score of 6.7 that has been actively exploited in the wild.

Details

The vulnerability is an improper neutralization of special elements used in an OS command (CWE-78, "OS Command Injection"). The Fortinet advisory describes it as follows: "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands." Fortinet has observed this vulnerability being exploited in the wild. "Authenticated" here means the attacker needs a valid FortiWeb login; credentials obtained through reuse, phishing or another weakness lower that bar considerably, so the medium CVSS score should not be read as low urgency, particularly on appliances whose management interface is reachable from untrusted networks.

Affected versions

The Fortinet advisory lists the affected FortiWeb version ranges and the corresponding fixed releases. This notice does not reproduce them, so consult the vendor PSIRT advisory for the exact ranges before assessing exposure, and confirm the running version on each appliance rather than relying on inventory records.

Context

Under Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, U.S. Federal Civilian Executive Branch (FCEB) agencies are required to remediate vulnerabilities listed in the KEV catalog by their assigned due dates to protect their networks from exploitation. Private-sector organizations are not bound by the directive, but CISA urges them to use the catalog to prioritize remediation in the same way.
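The following is an added example, not code from the Security Affairs article, CISA or Fortinet, showing how to turn the KEV catalog into an actionable check: pull the entries for a vendor and product and compute how many days remain before (or have elapsed since) each BOD 22-01 due date. The JSON field names (cveID, vendorProject, product, dateAdded, dueDate, cwes) are those of CISA's public KEV feed; the SAMPLE_KEV document embedded below is constructed sample data, and its dates and the second placeholder entry are assumptions, not CISA's actual catalog values.

```python
"""Check the CISA KEV catalog for FortiWeb entries and their BOD 22-01 due-date status.

Added example; not from the article, CISA or Fortinet. Field names match the
public KEV JSON feed. SAMPLE_KEV is constructed sample data: its dates and the
CVE-0000-0000 placeholder entry are assumptions used so the script runs offline.
"""
import json
import urllib.request
from datetime import date, datetime
from typing import Iterable, Union

# Public feed URL; only used by fetch_kev(), which the offline demo does not call.
KEV_FEED_URL = (
    "https://www.cisa.gov/sites/default/files/feeds/"
    "known_exploited_vulnerabilities.json"
)

# Constructed sample in the shape of the real feed (dates are placeholders).
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-58034",
            "vendorProject": "Fortinet",
            "product": "FortiWeb",
            "vulnerabilityName": "Fortinet FortiWeb OS Command Injection Vulnerability",
            "dateAdded": "2025-11-18",
            "dueDate": "2025-11-25",
            "cwes": ["CWE-78"],
        },
        {
            "cveID": "CVE-0000-0000",  # placeholder, constructed for the demo
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Placeholder entry",
            "dateAdded": "2025-10-01",
            "dueDate": "2025-10-22",
            "cwes": [],
        },
    ],
})


def load_kev(text: str) -> list[dict]:
    """Parse a KEV JSON document and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def fetch_kev(url: str = KEV_FEED_URL, timeout: float = 20.0) -> list[dict]:
    """Download the live catalog (network access required)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))


def filter_kev(entries: Iterable[dict], vendor: str = None, product: str = None) -> list[dict]:
    """Keep entries whose vendor matches exactly and whose product contains `product`.

    Matching is case-insensitive; `vendor` and `product` may each be omitted.
    """
    out = []
    for e in entries:
        if vendor and e.get("vendorProject", "").lower() != vendor.lower():
            continue
        if product and product.lower() not in e.get("product", "").lower():
            continue
        out.append(e)
    return out


def _as_date(value: Union[str, date]) -> date:
    """Accept a date or an ISO yyyy-mm-dd string (the feed's format)."""
    if isinstance(value, date):
        return value
    return datetime.strptime(value, "%Y-%m-%d").date()


def days_until_due(entry: dict, today: Union[str, date]) -> int:
    """Days from `today` to the entry's dueDate; negative once the deadline has passed."""
    return (_as_date(entry["dueDate"]) - _as_date(today)).days


def remediation_status(entry: dict, today: Union[str, date]) -> str:
    """Human-readable BOD 22-01 status for one entry."""
    d = days_until_due(entry, today)
    return f"OVERDUE by {-d} day(s)" if d < 0 else f"due in {d} day(s)"


def report(entries: Iterable[dict], today: Union[str, date],
           vendor: str = "Fortinet", product: str = "FortiWeb") -> list[tuple]:
    """(cveID, dueDate, status) rows for the matching vendor/product."""
    return [
        (e["cveID"], e["dueDate"], remediation_status(e, today))
        for e in filter_kev(entries, vendor, product)
    ]


if __name__ == "__main__":
    # Offline demo against the constructed sample; swap in fetch_kev() for live data.
    for cve, due, status in report(load_kev(SAMPLE_KEV), "2025-11-19"):
        print(f"{cve}  due {due}  {status}")
```

For a live check, replace `load_kev(SAMPLE_KEV)` with `fetch_kev()` and pass `date.today()`; the same `report()` call then lists every catalogued FortiWeb entry with its remaining remediation window, which is the figure a vulnerability-management team actually needs to act on.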

Authored summary

The FortiWeb OS command injection flaw CVE-2025-58034 is a new, actively exploited entry in CISA's KEV catalog. FCEB agencies must remediate it by the catalog due date, and any other organization running FortiWeb should treat patching to a fixed release as urgent.



Security Affairs — 2025-11-19
