VDB

GCVE-VVD-NCSC-2025-372

GCVE-VVD-NCSC-2025-372
Advisory PublishedCVSS 7.2/10
Vulnetix · Advisory published November 19, 2025
Fortinet FortiWeb versions 8.0.0 to 8.0.1, 7.6.0 to 7.6.5, 7.4.0 to 7.4.10, 7.2.0 to 7.2.11, and 7.0.0 to 7.0.11 are vulnerable to OS Command Injection, allowing authenticated attackers to execute unauthorized code.
Download JSON Open in Console

Weaknesses (CWE)

CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Risk Scores

CVSS 3.1
7.2/10
High · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Fortinetvers:unknown/*

Aliases

CVE-2025-58034

Transitive aliases

VVD-CISA-2025-58034EUVD-2025-198020BDU:2025-14466GHSA-47cr-8w72-ggmcVVD-CESS-2025-58034NCSC-2025-0372

References

advisory
advisory
exploit
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›