FortiMail is a comprehensive and robust email security platform designed by Fortinet. It uses sophisticated detection methods to identify and block malicious and unsolicited emails.

Fortimail

A web application firewall (WAF) solution that protects web applications and APIs from threats and vulnerabilities through machine learning and AI-powered security. FortiWeb provides protection against OWASP Top 10 threats, zero-day attacks, and bot-based attacks while maintaining high performance and low latency. It offers both cloud-based and on-premises deployment options with features like API protection, automated machine learning, and virtual patching.

Fortinet FortiWeb

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-32756	CRITICAL	9.8	Fortimail	cpe:2.3:a:fortinet:fortimail	Yes	Yes	May 13, 2025
CVE-2023-33302	HIGH	8.8	Fortimail	cpe:2.3:a:fortinet:fortimail	No	Yes	Mar 31, 2025
CVE-2024-40588	MEDIUM	4.4	Fortimail	cpe:2.3:a:fortinet:fortimail	No	Yes	Aug 12, 2025
CVE-2025-54972	MEDIUM	4.3	Fortimail	cpe:2.3:a:fortinet:fortimail	No	Yes	Nov 18, 2025
CVE-2024-47569	MEDIUM	4.3	FortiOS	cpe:2.3:a:fortinet:fortimanager	No	Yes	Oct 14, 2025

CVE-2021-32591:
Fortimail vulnerability analysis and mitigation

5.3

Related Fortimail vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2021-32591: Fortimail vulnerability analysis and mitigation