Fortinet has issued a warning regarding a new security vulnerability in its FortiWeb product, designated as CVE-2025-58034. This flaw is characterized as a medium-severity issue, with a CVSS score of 6.7 out of a possible 10. The vulnerability stems from an improper neutralization of special elements used in an OS command, also known as OS Command Injection (CWE-78). It allows authenticated attackers to execute arbitrary commands within the affected system, posing significant security risks.
Fortinet’s disclosure emphasizes the immediacy of addressing this vulnerability, as it has already been seen exploited in the wild. Organizations using FortiWeb are encouraged to apply necessary patches and safeguards to mitigate potential threats stemming from this flaw. Vigilance and timely response are urged to protect sensitive systems from unauthorized access or exploitation, especially since instances of exploitation may lead to broader security breaches.
👉 Pročitaj original: The Hacker News
