SQL Injection Vulnerability in Fortinet FortiWeb Product
CVE-2025-25257

9.6 CRITICAL

Key Information:

Vendor: Fortinet
Status: Vendor
CVE Published: 17 July 2025

Badges: 🔥 Trending now · 📈 Trended · 📈 Score: 8,180 · 👾 Exploit exists · 🟡 Public PoC · 📰 News worthy

What is CVE-2025-25257?

CVE-2025-25257 is a critical SQL injection vulnerability (CWE-89, improper neutralization of special elements used in an SQL command) in Fortinet FortiWeb, affecting versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and releases below 7.0.10. FortiWeb is Fortinet's web application firewall: it sits in front of web applications to filter attacks against them, which makes a flaw in the appliance itself especially attractive to an attacker, since the device is exposed at the network edge and has visibility into the traffic it protects. The defect is that attacker-controlled characters in a crafted HTTP or HTTPS request reach an SQL statement without being neutralized, so an unauthenticated remote attacker can run SQL of their choosing against the appliance's database. No credentials and no user interaction are required, which is what drives the CVSS metrics below. The remediation is to upgrade each affected branch past the listed range (7.6.4, 7.4.8, 7.2.11 or 7.0.11 and later); until that is done, limiting which networks can reach the appliance's HTTP/HTTPS interfaces reduces exposure.
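The defect class described above, reduced to its essentials as an added example. This is not FortiWeb code and does not reproduce the appliance's real query or injection point; the token table, the choice of an HTTP bearer token as the attacker-controlled input, and the payload are constructed for illustration. The vulnerable lookup splices the request value into the statement text; the hardened lookup binds it as a parameter.

```python
import sqlite3

# Constructed stand-in for an appliance's token table. The schema and the
# choice of an HTTP bearer token as the attacker-controlled input are
# illustrative assumptions; none of this is FortiWeb code.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api_tokens (token TEXT, username TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO api_tokens VALUES (?, ?, ?)",
        [("tok-aaaa", "alice", "admin"), ("tok-bbbb", "bob", "readonly")],
    )
    return db


def parse_bearer(authorization_header):
    """Return the token from 'Bearer <value>', or None if the header is not a bearer credential."""
    scheme, _, value = authorization_header.strip().partition(" ")
    if scheme.lower() != "bearer" or not value:
        return None
    return value


def lookup_vulnerable(db, bearer):
    """CWE-89: the token is spliced into the statement text, so quotes and
    SQL operators inside it are executed as SQL."""
    sql = f"SELECT username, role FROM api_tokens WHERE token = '{bearer}'"
    return db.execute(sql).fetchall()


def lookup_hardened(db, bearer):
    """The token is passed as a bound parameter; the engine treats it purely as data."""
    sql = "SELECT username, role FROM api_tokens WHERE token = ?"
    return db.execute(sql, (bearer,)).fetchall()


# Constructed tautology payload: closes the string literal and appends an
# always-true clause, turning "token = ''" into "token = '' OR '1'='1'".
PAYLOAD = "' OR '1'='1"


def demo():
    """Run both lookups against a forged Authorization header and a real token."""
    db = make_db()
    forged = parse_bearer("Bearer " + PAYLOAD)
    real = parse_bearer("Bearer tok-bbbb")
    return {
        "forged_vulnerable": lookup_vulnerable(db, forged),  # every row: auth bypass
        "forged_hardened": lookup_hardened(db, forged),      # no row matches
        "real_vulnerable": lookup_vulnerable(db, real),
        "real_hardened": lookup_hardened(db, real),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The forged header makes the vulnerable lookup return every token in the table, which is exactly the "execute unauthorized SQL" outcome the advisory describes; the same header against the parameterized query matches nothing, because the payload is compared as a literal string. Parameter binding, not input filtering, is the fix for this class.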

Potential impact of CVE-2025-25257

  1. Data breach: an attacker can read whatever the appliance's database holds, which on a web application firewall includes its configuration and the data needed to proxy the protected applications. That can expose personally identifiable information, credentials, or other sensitive material belonging to the organization or its users.

  2. System compromise: SQL injection on an appliance is rarely the end of the chain. The news items on this page report webshells deployed on compromised FortiWeb instances and describe the flaw as leading to remote code execution, so the realistic outcome is full control of the device, with the ability to alter its configuration, tamper with the traffic it inspects, and stage further intrusion tooling.

  3. Service disruption: unauthorized SQL commands can corrupt or delete records the appliance depends on, causing the WAF, and with it the applications behind it, to fail or degrade. Beyond the outage itself, that loss of availability damages user trust and the organization's reputation.

Affected Version(s)

FortiWeb 7.6.0 <= 7.6.3

FortiWeb 7.4.0 <= 7.4.7

FortiWeb 7.2.0 <= 7.2.10

FortiWeb below 7.0.10
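A triage check over the affected ranges listed on this page, as an added example rather than a Fortinet-supplied tool. It parses the version strings an inventory system typically holds and flags devices that fall inside an affected range. The sample inventory is constructed, and the encoding of the CVE text's "below 7.0.10" as everything up to and including 7.0.10 (the reading under which the next release in that branch is the fixed one) is this example's assumption.

```python
import re

# Affected ranges as listed on this page for CVE-2025-25257, inclusive at both
# ends. "Below 7.0.10" is encoded as everything up to and including 7.0.10;
# treat that inclusive upper bound as this example's assumption.
AFFECTED_RANGES = [
    ((7, 6, 0), (7, 6, 3)),
    ((7, 4, 0), (7, 4, 7)),
    ((7, 2, 0), (7, 2, 10)),
    ((0, 0, 0), (7, 0, 10)),
]

# Matches major.minor[.patch], optionally prefixed with "v", anywhere in the text.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Pull a (major, minor, patch) triple out of strings such as '7.4.7' or
    'FortiWeb-VM v7.2.10,build1234' (constructed formats); raise if none is found."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True when the version falls inside any affected range."""
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Return the (host, version) pairs that still need the fix.
    inventory: iterable of (hostname, version_string)."""
    return [(host, ver) for host, ver in inventory if is_affected(ver)]


# Constructed sample inventory; the hostnames and versions are not real devices.
SAMPLE_INVENTORY = [
    ("waf-dc1", "7.6.3"),
    ("waf-dc2", "7.6.4"),
    ("waf-lab", "FortiWeb-VM v7.2.10,build1234"),
    ("waf-old", "6.4.3"),
    ("waf-edge", "7.0.11"),
]

if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {ver} is in an affected range")
```

Because the ranges are inclusive tuples compared lexicographically, a branch's first fixed release (the patch number one past the listed upper bound) is correctly reported as not affected, and anything older than the 7.0 branch is caught by the open-ended lower range.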

Exploit Proof of Concept (PoC)

A public proof-of-concept (PoC) exists for this CVE. PoC code is published by researchers to demonstrate that a vulnerability is exploitable; once public, it is typically the starting point for weaponization, and for this CVE the news items below report webshells on FortiWeb instances shortly after the PoC was released. Treat any internet-reachable FortiWeb still on an affected version as potentially already compromised: review it for unauthorized files and configuration changes rather than only upgrading it.

News Articles

FortiWeb Systems Compromised via Webshells After Public PoC Release

A widespread cyberattack campaign has successfully compromised dozens of Fortinet FortiWeb instances through webshell deployment.

16 hours ago

Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation.

1 day ago

New Fortinet FortiWeb hacks likely linked to public RCE exploits

Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.

1 day ago

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Note that the base metrics listed here (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) evaluate to 9.8 under the CVSS 3.1 formula; 9.6 is the score Fortinet published for the vulnerability, while NVD's entry carries the 9.8 base score. Either way the metrics say the same thing: remotely reachable, no authentication, no user interaction, full loss of confidentiality, integrity and availability.

Timeline

  • 📈 Vulnerability started trending
  • Vulnerability published
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 📰 First article discovered by CyberSecurityNews
  • Vulnerability reserved
