SQL Injection Vulnerability in Fortinet FortiWeb Product
CVE-2025-25257
Key Information:
Badges
What is CVE-2025-25257?
CVE-2025-25257 represents a significant SQL Injection vulnerability found within the Fortinet FortiWeb product, specifically impacting versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and any release below 7.0.10. FortiWeb is a web application firewall designed to protect applications from various security threats, ensuring the integrity and confidentiality of web-based services. The vulnerability arises from an inadequate handling of special characters within SQL commands, allowing unauthenticated attackers to execute malicious SQL code through specially crafted HTTP or HTTPS requests. This opens the door for unauthorized manipulation of database interactions, which can compromise data security and application functionality.
Potential impact of CVE-2025-25257
-
Data Breach: Exploiting this vulnerability can allow attackers to gain unauthorized access to sensitive information stored in databases. This may lead to severe data leaks or the theft of personally identifiable information (PII), intellectual property, or corporate secrets.
-
System Compromise: An attacker successfully leveraging this vulnerability could manipulate the application's backend, potentially altering database records, deploying malware, or leading to further system-level vulnerabilities that could compromise the overall security posture of the affected organization.
-
Service Disruption: The execution of unauthorized SQL commands could result in application downtime or degradation of service performance. Such disruptions can affect user accessibility, leading to a loss of trust among clients and damage to the organization’s reputation.
CISA has reported CVE-2025-25257
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-25257 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
FortiWeb 7.6.0 <= 7.6.3
FortiWeb 7.4.0 <= 7.4.7
FortiWeb 7.2.0 <= 7.2.10
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box
Help Net SecurityWeek in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day
Security AffairsCVE-2025-25257Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.
References
EPSS Score
45% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 📈
Vulnerability started trending
Vulnerability published
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by CyberSecurityNews
Vulnerability Reserved