SQL Injection Vulnerability in Fortinet FortiWeb Product
CVE-2025-25257

9.6 CRITICAL

Key Information:

Vendor: Fortinet

Status: Vendor

CVE Published: 17 July 2025

Badges

📈 Trended | 📈 Score: 8,180 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 40% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-25257?

CVE-2025-25257 is a critical SQL Injection vulnerability in the Fortinet FortiWeb product, affecting versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and any release below 7.0.10. FortiWeb is a web application firewall designed to protect applications from a range of security threats and to preserve the integrity and confidentiality of web-based services. The vulnerability stems from improper neutralization of special characters used in SQL commands, which allows an unauthenticated attacker to execute unauthorized SQL code through specially crafted HTTP or HTTPS requests. This permits unauthorized manipulation of database interactions, compromising both data security and application functionality.

Potential impact of CVE-2025-25257

  1. Data Breach: Exploiting this vulnerability can allow attackers to gain unauthorized access to sensitive information stored in databases. This may lead to severe data leaks or the theft of personally identifiable information (PII), intellectual property, or corporate secrets.

  2. System Compromise: An attacker successfully leveraging this vulnerability could manipulate the application's backend, potentially altering database records, deploying malware, or leading to further system-level vulnerabilities that could compromise the overall security posture of the affected organization.

  3. Service Disruption: The execution of unauthorized SQL commands could result in application downtime or degradation of service performance. Such disruptions can affect user accessibility, leading to a loss of trust among clients and damage to the organization’s reputation.

CISA has reported CVE-2025-25257

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-25257 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FortiWeb 7.6.0 through 7.6.3

FortiWeb 7.4.0 through 7.4.7

FortiWeb 7.2.0 through 7.2.10

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to use in ransomware.

News Articles

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

3 weeks ago

Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day

3 weeks ago

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.

3 weeks ago

References

EPSS Score

40% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware

  • 🦅 CISA Reported

  • 📈 Vulnerability started trending

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by CyberSecurityNews

  • Vulnerability Reserved
