CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Nov 25, 2025
High
CISA KEVCVE-2025-58034
Fortinet—FortiWeb
Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Required Action
https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Nov 18, 2025
- KEV Added
- Nov 18, 2025
- Due Date
- Nov 25, 2025
- Related Articles
- 0
Vendor
Fortinet
FortiWeb