Threat Advisories - NVD Disclosed November 18, 2025

CVE-2025-58034

FortiWeb OS Command Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An OS command injection vulnerability in Fortinet FortiWeb allows an authenticated attacker to execute unauthorized code. This poses a business risk by potentially compromising the underlying system, impacting data integrity and availability.

NVD published: November 18, 2025 • CISA KEV