
8 matches found

Metasploit
added 2025/11/26 6:53 p.m., 699 views

Fortinet FortiWeb unauthenticated RCE

This exploit module exploits an authentication bypass via path traversal vulnerability in the Fortinet FortiWeb management interface to create a new local administrator user account. From there a command injection vulnerability is leveraged to achieve RCE with root privileges. The auth bypass...

9.8 CVSS, 7.3 AI score, 0.89177 EPSS
Exploits: 20

GithubExploit
added 2025/11/25 11:42 a.m., 178 views

Exploit for CVE-2025-50834

OS Command Injection Vulnerability in Fortinet FortiWeb CVE-2...

7.2 CVSS, 7.8 AI score, 0.54376 EPSS
Exploits: 9

RedhatCVE
added 2025/11/19 5:20 p.m., 6 views

CVE-2025-58034

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may...

7.2 CVSS, 7.3 AI score, 0.54376 EPSS
Exploits: 9, References: 1

GithubExploit
added 2025/11/19 9:52 a.m., 375 views

Exploit for CVE-2025-58034

🔒 🚨 CVE-2025-58034: FortiWeb OS Command Injection Zero-Day 🔥...

9.8 CVSS, 8.6 AI score, 0.89177 EPSS
Exploits: 20

The Hacker News
added 2025/11/19 4:20 a.m., 15 views

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. "An Improper Neutralization of Special Elements used in an OS Command 'OS Comman...

9.8 CVSS, 8.8 AI score, 0.89177 EPSS
Exploits: 20

OSV
added 2025/11/18 5:16 p.m., 4 views

CVE-2025-58034

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may...

7.2 CVSS, 6 AI score, 0.54376 EPSS
Exploits: 9, References: 2

CVE
added 2025/11/18 5:1 p.m., 426 views

CVE-2025-58034

CVE-2025-58034 — Fortinet FortiWeb OS Command Injection occurs in FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, 7.0.0–7.0.11. The flaw is an OS command injection (CWE-78) allowing an authenticated attacker to execute arbitrary commands on the underlying system via crafted HTTP re...

7.2 CVSS, 6.8 AI score, 0.54376 EPSS
In wild, Exploits: 9, References: 2, Affected Software: 1

CISA
added 2025/11/18 12:0 p.m., 11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-58034 Fortinet FortiWeb OS Command Code Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber...

7.2 CVSS, 7.3 AI score, 0.54376 EPSS
In wild, Exploits: 9, References: 8