A web application firewall (WAF) solution that protects web applications and APIs from threats and vulnerabilities through machine learning and AI-powered security. FortiWeb provides protection against OWASP Top 10 threats, zero-day attacks, and bot-based attacks while maintaining high performance and low latency. It offers both cloud-based and on-premises deployment options with features like API protection, automated machine learning, and virtual patching.

Fortinet FortiWeb

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-59719	CRITICAL	9.8	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-64447	HIGH	8.1	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-64471	HIGH	7.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-58034	HIGH	7.2	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	Yes	Yes	Nov 18, 2025
CVE-2025-59669	MEDIUM	5.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Nov 18, 2025

CVE-2021-36188:
Fortinet FortiWeb vulnerability analysis and mitigation

6.1

Related Fortinet FortiWeb vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2021-36188: Fortinet FortiWeb vulnerability analysis and mitigation