A web application firewall (WAF) solution that protects web applications and APIs from threats and vulnerabilities through machine learning and AI-powered security. FortiWeb provides protection against OWASP Top 10 threats, zero-day attacks, and bot-based attacks while maintaining high performance and low latency. It offers both cloud-based and on-premises deployment options with features like API protection, automated machine learning, and virtual patching.

Fortinet FortiWeb

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-59719	CRITICAL	9.8	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-64447	HIGH	8.1	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-64471	HIGH	7.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Dec 09, 2025
CVE-2025-58034	HIGH	7.2	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	Yes	Yes	Nov 18, 2025
CVE-2025-59669	MEDIUM	5.5	Fortinet FortiWeb	cpe:2.3:a:fortinet:fortiweb	No	Yes	Nov 18, 2025

CVE-2025-64447:
Fortinet FortiWeb vulnerability analysis and mitigation

8.1

Related Fortinet FortiWeb vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-64447: Fortinet FortiWeb vulnerability analysis and mitigation