A web application firewall (WAF) solution that protects web applications and APIs from threats and vulnerabilities through machine learning and AI-powered security. FortiWeb provides protection against OWASP Top 10 threats, zero-day attacks, and bot-based attacks while maintaining high performance and low latency. It offers both cloud-based and on-premises deployment options with features like API protection, automated machine learning, and virtual patching.

Fortinet FortiWeb

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-64446	CRITICAL	9.8	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	Yes	Yes	Nov 14, 2025
CVE-2025-58034	HIGH	7.2	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	Yes	Yes	Nov 18, 2025
CVE-2025-59669	MEDIUM	5.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Nov 18, 2025
CVE-2025-53609	MEDIUM	4.9	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Sep 09, 2025
CVE-2024-47569	MEDIUM	4.3	FortiOS	cpe:2.3:a:fortinet:fortiproxy	No	Yes	Oct 14, 2025

CVE-2023-23779:
Fortinet FortiWeb vulnerability analysis and mitigation

8.8

Related Fortinet FortiWeb vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2023-23779: Fortinet FortiWeb vulnerability analysis and mitigation