Fortinet warns of actively exploited FortiWeb command injection vulnerability

![Image Main](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEKdkwpYxJC7o2i7S9wnA23qyb2BohSBPoI9nZSfX-qt7bRgSwxhDKYeogidmxxGNCSI0l-l-cKj8eJsA4bDVEjsUAiQVmw8bK6ZTE7omWqq7kSP0L_DpCG23Q91NjEx-lrepVUjzwSKo2_H6Ke4I-7XOPHZAiGYhdHB3eTOCG8S_ksc1SEJU4PchDAuSM/s790-rw-e365/fort.jpg)

Fortinet has issued a crucial security alert about a new vulnerability in its FortiWeb product (a web application firewall), confirming that the flaw is already being actively exploited by attackers. This vulnerability, classified as medium severity, requires immediate action by system administrators.

Vulnerability Details (CVE-2025-58034)

The security flaw, identified as CVE-2025-58034, has a CVSS score of 6.7. Fortinet describes it as an “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability (CWE-78). ...

November 19, 2025 · Comfidentia