A web application firewall (WAF) solution that protects web applications and APIs from threats and vulnerabilities through machine learning and AI-powered security. FortiWeb provides protection against OWASP Top 10 threats, zero-day attacks, and bot-based attacks while maintaining high performance and low latency. It offers both cloud-based and on-premises deployment options with features like API protection, automated machine learning, and virtual patching.

Fortinet FortiWeb

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-59719	CRITICAL	9.8	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-64447	HIGH	8.1	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-64471	HIGH	7.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-58034	HIGH	7.2	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	Yes	Yes	Nov 18, 2025
CVE-2025-59669	MEDIUM	5.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Nov 18, 2025

CVE-2022-29059:
Fortinet FortiWeb vulnerability analysis and mitigation

7.2

Related Fortinet FortiWeb vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2022-29059: Fortinet FortiWeb vulnerability analysis and mitigation