Multiple OS command injection in API and CLI

Multiple OS command injection in API and CLI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-25-513 Final 1 1 2025-11-18T00:00:00 Current version 2025-11-18T00:00:00 2025-11-18T00:00:00 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.Fortinet has observed this to be exploited in the wild.FortiAppSec Cloud is NOT impacted by this vulnerability. None Execute unauthorized code or commands None Discovered by Fortinet Threat intelligence with additional thanks to Jason McFadyen from Trend Research (Trend Micro). FortiWeb 8.0.1 FortiWeb 8.0.0 FortiWeb 7.6.5 FortiWeb 7.6.4 FortiWeb 7.6.3 FortiWeb 7.6.2 FortiWeb 7.6.1 FortiWeb 7.6.0 FortiWeb 7.4.10 FortiWeb 7.4.9 FortiWeb 7.4.8 FortiWeb 7.4.7 FortiWeb 7.4.6 FortiWeb 7.4.5 FortiWeb 7.4.4 FortiWeb 7.4.3 FortiWeb 7.4.2 FortiWeb 7.4.1 FortiWeb 7.4.0 FortiWeb 7.2.11 FortiWeb 7.2.10 FortiWeb 7.2.9 FortiWeb 7.2.8 FortiWeb 7.2.7 FortiWeb 7.2.6 FortiWeb 7.2.5 FortiWeb 7.2.4 FortiWeb 7.2.3 FortiWeb 7.2.2 FortiWeb 7.2.1 FortiWeb 7.2.0 FortiWeb 7.0.11 FortiWeb 7.0.10 FortiWeb 7.0.9 FortiWeb 7.0.8 FortiWeb 7.0.7 FortiWeb 7.0.6 FortiWeb 7.0.5 FortiWeb 7.0.4 FortiWeb 7.0.3 FortiWeb 7.0.2 FortiWeb 7.0.1 FortiWeb 7.0.0 Multiple OS command injection in API and CLI CVE-2025-58034 FortiWeb-8.0.1 FortiWeb-8.0.0 FortiWeb-7.6.5 FortiWeb-7.6.4 FortiWeb-7.6.3 FortiWeb-7.6.2 FortiWeb-7.6.1 FortiWeb-7.6.0 FortiWeb-7.4.10 FortiWeb-7.4.9 FortiWeb-7.4.8 FortiWeb-7.4.7 FortiWeb-7.4.6 FortiWeb-7.4.5 FortiWeb-7.4.4 FortiWeb-7.4.3 FortiWeb-7.4.2 FortiWeb-7.4.1 FortiWeb-7.4.0 FortiWeb-7.2.11 FortiWeb-7.2.10 FortiWeb-7.2.9 FortiWeb-7.2.8 FortiWeb-7.2.7 FortiWeb-7.2.6 FortiWeb-7.2.5 FortiWeb-7.2.4 FortiWeb-7.2.3 FortiWeb-7.2.2 FortiWeb-7.2.1 FortiWeb-7.2.0 FortiWeb-7.0.11 FortiWeb-7.0.10 FortiWeb-7.0.9 FortiWeb-7.0.8 FortiWeb-7.0.7 FortiWeb-7.0.6 FortiWeb-7.0.5 FortiWeb-7.0.4 FortiWeb-7.0.3 FortiWeb-7.0.2 FortiWeb-7.0.1 FortiWeb-7.0.0 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-25-513 Multiple OS command injection in API and CLI Reference>