Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.

The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.

"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands," the company said in a Tuesday advisory.

In other words, successful attacks require an attacker to first authenticate themselves through some other means and chain it with CVE-2025-58034 to execute arbitrary operating system commands.
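To show the CWE-78 pattern the advisory names, here is an added example (not Fortinet's code, and not the FortiWeb handler, whose affected input the page does not describe): a hypothetical diagnostic handler that builds a shell string from an authenticated user's field, beside a hardened form that allowlists the value and never invokes a shell. The ping command, the hostname allowlist and the sample inputs are assumptions.

```python
"""CWE-78 illustration: string-built shell command vs. validated argv.
Hypothetical management-style handler, not FortiWeb code. Nothing here
executes anything; each variant returns the argv it would hand to the OS
so the difference can be inspected offline."""
import re

# Assumed allowlist: hostnames / IPv4 literals, nothing a shell could parse.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")
# Crude split on shell separators and substitution starts, for inspection only.
SHELL_SPLIT_RE = re.compile(r"[;&|]+|\$\(|`")


def vulnerable_ping_argv(host: str) -> list[str]:
    # Authentication already passed; `host` is still attacker-controlled.
    # Interpolating it into one string lets the shell treat it as syntax.
    return ["/bin/sh", "-c", f"ping -c 1 {host}"]


def hardened_ping_argv(host: str) -> list[str]:
    # 1. Neutralize: accept only values matching a strict allowlist.
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    # 2. No shell: pass a fixed argv; "--" stops option parsing on the value.
    return ["/bin/ping", "-c", "1", "--", host]


def extra_commands(argv: list[str]) -> list[str]:
    """Approximate what a shell would run beyond the intended command.

    Returns the additional command fragments a `sh -c` string would yield;
    an argv that never goes through a shell cannot yield any.
    """
    if argv[:2] != ["/bin/sh", "-c"]:
        return []
    parts = [p.strip() for p in SHELL_SPLIT_RE.split(argv[2])]
    return [p for p in parts[1:] if p]


if __name__ == "__main__":
    # Constructed inputs: a legitimate target and one carrying shell syntax.
    for value in ("10.0.0.1", "10.0.0.1; echo injected"):
        print("vulnerable:", extra_commands(vulnerable_ping_argv(value)))
        try:
            print("hardened:  ", hardened_ping_argv(value))
        except ValueError as exc:
            print("hardened:  ", exc)
```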

It has been addressed in the following versions -

FortiWeb 8.0.0 through 8.0
