CVE-2025-25257
Published Jul 17, 2025
Last updated a month ago
AI description
CVE-2025-25257 is a critical SQL injection vulnerability found in Fortinet's FortiWeb web application firewall. This vulnerability, classified as CWE-89, stems from improper neutralization of special elements used in SQL commands. The vulnerability allows unauthenticated attackers to execute unauthorized SQL code or commands by sending crafted HTTP or HTTPS requests to the FortiWeb management interface. Successful exploitation could lead to attackers accessing sensitive data, altering database contents, or compromising backend systems.
- Description
- An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortiweb
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet FortiWeb SQL Injection Vulnerability
- Exploit added on
- Jul 18, 2025
- Exploit action due
- Aug 8, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- psirt@fortinet.com
- CWE-89
- Hype score
- Not currently trending
A critical auth-bypass flaw in #Fortinet FortiWeb (CVE-2025-25257, CVSS 9.8) is being exploited to create rogue admin accounts via crafted POST requests. Versions 7.0.0–7.6.3 are affected. A FortiWeb zero-day was also advertised on a black-hat forum on 6 Nov. https://t.co/xby5k
@MeridianEU
14 Nov 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cybercrime detected: SOURCE: @ColoCrossing Threats detected from: https://t.co/PzutqqEa1c attempting to exploit (CVE-2025-25257) against a Fortinet firewall. https://t.co/mBGjFEdzJw https://t.co/xD81UA4qey intel from @DefusedCyber enriched with @shodanhq and @ipinfo http
@UK_Daniel_Card
11 Nov 2025
3776 Impressions
0 Retweets
8 Likes
3 Bookmarks
3 Replies
1 Quote
Patching Motivation of the Day 👇 Actor repeatedly hammering the CVE-2025-25257 exploit onto our Fortiweb honeypots with a DROP TABLE payload 213.209.143.41 just wants to watch the world burn! 🔥 https://t.co/7lzSHIo0z2
@DefusedCyber
4 Nov 2025
4846 Impressions
3 Retweets
20 Likes
6 Bookmarks
0 Replies
1 Quote
Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 172.96.141.66 🇺🇸 (RELIABLESITE) VT Detections: 0/95 🟢 Payload in Authorization: Bearer header 📸 select/**/a/**/from/**/fabric_user.a/**/into/**/outfile/**/var/log/lib/python3.10/pylab.py'/**/FIELDS/**/ESCAPED/*
@DefusedCyber
30 Oct 2025
3316 Impressions
6 Retweets
19 Likes
9 Bookmarks
1 Reply
1 Quote
Actor exploiting multiple Fortinet Fortiweb honeypots from 185.253.163.82 🇺🇸( M247 Europe SRL ) VirusTotal Detections 0/95 🟢 The actor exploited CVE-2025-25257 on multiple Fortiweb honeypots, plus attempted logging in as administrator https://t.co/qDKc4RKtAV
@DefusedCyber
28 Oct 2025
741 Impressions
2 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 43.164.197.93 🇧🇷 ( Tencent Building, Kejizhongyi Avenue ) VirusTotal Detections: 0/95 🟢 for both IPs (recorded and proxy IP) Exploit had a X-Real-IP header disclosing a second IP used in the attack (23.158.104.240
@DefusedCyber
23 Oct 2025
1761 Impressions
2 Retweets
15 Likes
2 Bookmarks
1 Reply
1 Quote
Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 149.88.26.225 🇮🇱 ( Datacamp Limited ) VirusTotal Detections: 0/95 🟢 Payload 📸 ... import os os.system('chmod +x /migadmin/cgi-bin/x.cgi && rm -f /var/log/lib/python3.10/pylab.py') https://t.co/ViuQTBu
@DefusedCyber
20 Oct 2025
1950 Impressions
3 Retweets
9 Likes
3 Bookmarks
1 Reply
1 Quote
Actor exploiting CVE-2025-25257 (FortiWeb SQLi) from 216.245.184.99 ( BLNWX ) VirusTotal Detections: 0/95 🟢 Payload 📸 Authorization: Bearer ';DROP/**/TABLE/**/fabric_user.a;-- https://t.co/QwQjLthPen
@DefusedCyber
17 Oct 2025
47665 Impressions
29 Retweets
149 Likes
77 Bookmarks
3 Replies
7 Quotes
The following vulnerabilities have been added to our feed: - CVE-2025-33053: Microsoft Windows Internet Shortcut Files RCE - CVE-2025-25257: Fortinet FortiWeb RCE - CVE-2025-50154: Microsoft Windows File Explorer NTLM Leak https://t.co/av7UZS4l6H
@crowdfense
16 Oct 2025
2191 Impressions
3 Retweets
23 Likes
7 Bookmarks
0 Replies
0 Quotes
Actor mass exploiting CVE-2025-25257 (Critical FortiWeb SQLi) from 213.138.72.10 ( Limited Liability Company TTK-Svyaz ) VirusTotal Detections: 0/95 🟢 The actor exploited multiple honeypots across a short timeframe (1 hour) https://t.co/wUayMUnVan
@DefusedCyber
14 Oct 2025
6770 Impressions
14 Retweets
35 Likes
14 Bookmarks
1 Reply
2 Quotes
A Few Exploits Captured Over the Weekend 🧨 95.143.193.150 ( Internetport Sweden AB ) 🇸🇪 Exploiting CVE-2025-25257 (FortiWeb SQLi) 146.56.116.119 ( ORACLE-BMC-31898 ) 🇰🇷 Exploiting CVE-2025-5777 (CitrixBleed 2) 146.70.166.212 ( M247 Europe SRL ) 🇺🇸 Ex
@DefusedCyber
12 Oct 2025
9621 Impressions
20 Retweets
92 Likes
33 Bookmarks
2 Replies
1 Quote
Exploit indicators captured over the weekend 🧨 95.143.193.150 ( Internetport Sweden AB ) 🇸🇪 Exploiting CVE-2025-25257 (FortiWeb SQLi) 146.56.116.119 ( ORACLE-BMC-31898 ) 🇰🇷 Exploiting CVE-2025-5777 (CitrixBleed 2) 146.70.166.212 ( M247 Europe SRL ) 🇺🇸
@DefusedCyber
12 Oct 2025
193 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
1 Quote
Actor exploiting CVE-2025-25257 (Critical FortiWeb SQL Injection Vulnerability) from 139.162.82.104 🇯🇵 ( Akamai Connected Cloud ) VirusTotal Detections: 0/95 🟢 Decoded Payload 📸 #!/bin/sh printf "Content-Type: text/html\r\n"; printf "\r\n"; eval $ HTTP_USER_AG
@DefusedCyber
9 Oct 2025
7316 Impressions
27 Retweets
118 Likes
45 Bookmarks
2 Replies
0 Quotes
Mass exploitation of CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) From 106.222.203.214 🇮🇳( Bharti Airtel Ltd., Telemedia Services ) VirusTotal Detections: 0/95 🟢 Actor exploited multiple honeypots within a 3-minute timeframe https://t.co/0Fu2vTw40B
@DefusedCyber
5 Oct 2025
6019 Impressions
15 Retweets
90 Likes
27 Bookmarks
2 Replies
1 Quote
IMMEDIATE PATCH ALERT! A critical FortiWeb Flaw (CVE-2025-25257) allows Unauthenticated RCE leading directly to Data Exfiltration and Webshell Deployment. Your WAF is compromised. Read the full report on - https://t.co/uuFd1zWZdc https://t.co/Fw7q5NxazO
@Iambivash007
29 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) from 104.251.229.180 🇯🇵 ( Zhipinshang Hongkong Electron Communication Technology Limited ) VirusTotal Detections: 0/95 🟢 SQL injection uploads a hex-encoded payload over multiple requests: #!
@DefusedCyber
29 Sept 2025
7594 Impressions
21 Retweets
88 Likes
38 Bookmarks
2 Replies
2 Quotes
⚠️ Weekly vuln radar from https://t.co/8RzyA4ocnO: CVE-2025-20352 CVE-2025-20333 CVE-2025-20362 CVE-2025-25257 (@0x_shaq) CVE-2024-36401 (Steve Ikeoka) CVE-2025-10035 CVE-2025-10184 (Calum Hutton) CVE-2025-53690 (Andi Slok) CVE-2024-28986 https://t.co/HF5Ob5EPZO
@ptdbugs
26 Sept 2025
207 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Multiple DigitalOcean IPs simultaneously exploiting FortiWeb CVE-2025-25257 (SQL injection): 64.23.207.115 188.166.234.163 142.93.10.77 209.38.134.92 165.232.149.80 5 different IPs exploited multiple decoys within the span of 60 seconds ⚠️ https://t.co/vwyIF3ZyDI
@DefusedCyber
25 Sept 2025
1412 Impressions
3 Retweets
14 Likes
4 Bookmarks
2 Replies
1 Quote
Exploitation of CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) From 101.64.141.216 🇨🇳( CHINA UNICOM China169 Backbone ) VT Detections: 0/95 🟢 https://t.co/sPIucIGPql
@DefusedCyber
23 Sept 2025
1736 Impressions
6 Retweets
29 Likes
9 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-43300 CVE-2025-48539 CVE-2025-25257 (@0x_shaq) CVE-2025-7775 CVE-2025-57833 (@EyalSec) CVE-2025-53690 CVE-2025-9074 CVE-2025-48543 CVE-2025-24893 https://t.co/KW7HdtM3
@ptdbugs
5 Sept 2025
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Multilateral exploitation of CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) VirusTotal Detections for each: 0/94 🟢 2.59.163.232 🇵🇱 ( Global Connectivity Solutions Llp ) 23.94.86.162 🇺🇸 ( AS-COLOCROSSING ) 115.195.47.173 🇨🇳 ( Chinanet ) C
@DefusedCyber
4 Sept 2025
1624 Impressions
6 Retweets
19 Likes
5 Bookmarks
0 Replies
1 Quote
Mass exploitation of CVE-2025-25257 from 36.24.16.56 🇨🇳 (Chinanet) VT Detections: 0/94 🟢 Payloads: 📸 UNION SELECT version(),2,3 (SQL injection for version enumeration ) https://t.co/qv68pzRIWs
@DefusedCyber
3 Sept 2025
3942 Impressions
2 Retweets
10 Likes
3 Bookmarks
0 Replies
2 Quotes
Someone shooting what seem to be like CVE-2025-25257 variations into the honeypots.. Whether these are legit or just random enumeration attempts, not sure https://t.co/16U4fe614S
@SimoKohonen
2 Sept 2025
840 Impressions
1 Retweet
8 Likes
2 Bookmarks
1 Reply
0 Quotes
Mass exploitation of CVE-2025-25257 from multiple actors (FortiWeb critical pre-auth SQL injection) VirusTotal Detections for each: 0/94 🟢 84.239.43.17🇺🇸( Datacamp Limited ) 179.43.189.17 🇨🇭( Private Layer INC ) 159.26.115.156 🇸🇬( Proton AG ) CVE-2025-
@DefusedCyber
2 Sept 2025
1972 Impressions
8 Retweets
19 Likes
9 Bookmarks
0 Replies
0 Quotes
Mass exploitation of CVE-2025-25257 from 36.232.42.148 🇹🇼 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 🟢 Payload: 📸 Uses multiple hex-encoded payloads to execute the following: import os # os#!/bin/sh -- pype: text/html\r\n";printf https://
@DefusedCyber
26 Aug 2025
884 Impressions
2 Retweets
12 Likes
2 Bookmarks
0 Replies
1 Quote
I just noticed CVE-2025-25257 and had a giggle. Not because it's yet another Fortinet remote bug. But because it's a SQLi, in a WAF product. The irony...
@hkashfi
25 Aug 2025
90277 Impressions
36 Retweets
268 Likes
40 Bookmarks
10 Replies
4 Quotes
Mass exploitation of CVE-2025-25257 from 85.237.206.10 🇹🇼 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 🟢 Payloads: 📸 Attemps modification of a password file and afterwards writes a string ("batch_test_h*cked!") into a .txt file https://t.co/Jn0kt
@DefusedCyber
25 Aug 2025
1797 Impressions
4 Retweets
14 Likes
2 Bookmarks
0 Replies
1 Quote
#VulnerabilityReport #CISAKEV FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available! https://t.co/Rutm4xDzIG
@Komodosec
24 Aug 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Three individual but associated IPs mass exploiting FortiWeb (CVE-2025-25257) all from AS 4134 ( Chinanet ) 113.25.3.28 🇨🇳 113.25.13.159 🇨🇳 113.25.9.64 🇨🇳 All have 0/94 VirusTotal detections Exploits occured within 8 seconds of each other over 3 different F
@DefusedCyber
21 Aug 2025
799 Impressions
3 Retweets
13 Likes
4 Bookmarks
0 Replies
0 Quotes
Active adversary mass exploiting CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) - attacks originating from Hetzner VT Detections: 0/94 🚨Attacker is currently engaged with our sandbox, further details to be released Payloads: Uses CVE-2025-25257 to establish
@DefusedCyber
21 Aug 2025
1533 Impressions
5 Retweets
21 Likes
3 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-25257 - critical 🚨 Fortinet FortiWeb - SQL Injection > An improper neutralization of special elements used in an SQL command ('SQL Injection... 👾 https://t.co/MIZGA26CpP @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
19 Aug 2025
148 Impressions
0 Retweets
1 Like
3 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-25257 from 45.11.80.242 🇮🇹(FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 Payloads (shortened for brevity): Under path GET /api/fabric/device/status: ';create/**/table/**/fabric_user.a/**/(a/**/TEXT);-- https://t.co/pqkjR
@DefusedCyber
19 Aug 2025
2686 Impressions
13 Retweets
36 Likes
22 Bookmarks
0 Replies
0 Quotes
Mass exploitation of CVE-2025-25257 from 196.00.00.00 🇲🇦 (FortiWeb critical pre-auth SQL injection) @KeCIRT @CA_Kenya @MoICTKenya @ICTAuthorityKE @kcsfa @CSAGhana @AcdfNetworks @SASRA_ke @CBKKenya @ODPC_KE https://t.co/zwnazxXLfy
@Ke_Cyber
19 Aug 2025
192 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Mass exploitation of CVE-2025-25257 from 121.122.33.117 🇲🇾 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 Multiple Payloads: 🧵 GET /api/fabric/device/status HTTP/1.1 Host: xxx User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, b
@DefusedCyber
19 Aug 2025
2523 Impressions
1 Retweet
13 Likes
4 Bookmarks
1 Reply
2 Quotes
#VulnerabilityReport #CVE202525257 CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published https://t.co/LpJrVgVAfA
@Komodosec
18 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-25257 (FortiWeb SQL Injection) 104.28.253.229 🇩🇿AS 13335 ( CLOUDFLARENET ) 0/94 detections on VirusTotal https://t.co/MABXWMaMcf
@DefusedCyber
18 Aug 2025
952 Impressions
3 Retweets
7 Likes
3 Bookmarks
0 Replies
1 Quote
Mass exploitation of CVE-2025-25257 from 196.75.238.72 🇲🇦 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 Payload: GET /api/fabric/device/status HTTP/1.1 Host: xxxxxx User-Agent: python-requests/2.32.4 Accept-Encoding: gzip, deflate, br, zstd Accept: */*
@DefusedCyber
18 Aug 2025
25882 Impressions
67 Retweets
255 Likes
178 Bookmarks
4 Replies
3 Quotes
CVE-2025-25257: An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands… https://t.co/E6PtqUf8GV #cyber #threathunting #infosec
@blueteamsec1
10 Aug 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
On July 18, 2025, CISA added a new actively exploited vulnerability—CVE-2025-25257—to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw impacts Fortinet FortiWeb and allows unauthenticated attackers to execute arbitrary commands via crafted HTTP/S requests.
@MainNerve
9 Aug 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-25257 – Inyección SQL Pre-Autenticación con Posible Ejecución Remota de Código en FortiWeb Se descubrió una vulnerabilidad crítica de inyección SQL (CWE-89) en el componente Fabric Connector de FortiWeb https://t.co/muye8x8gGy
@BanCERT_gt
2 Aug 2025
13 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE
@ptdbugs
1 Aug 2025
160 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
امتدادًا لريادة المملكة العربية السعودية 🇸🇦 في الأمن السيبراني، ممثلةً في @NCA_KSA، وفي إطار جهودها الاستباقية لرصد التهديدات والثغرات السيبرانية، طوّرت
@abdul__alamri
1 Aug 2025
1951 Impressions
7 Retweets
12 Likes
1 Bookmark
0 Replies
0 Quotes
Hey security folks! Just dropped a deep dive on CVE-2025-25257 CVSS 9.8 Critical FortiWeb SQL injection → RCE Full PoC, environment setup, interactive shell Affects versions 7.0.0-7.6.3 Read here: https://t.co/kItfxLJLvU #InfoSec #Cybersecurity
@itgather
28 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【ブログ記事を公開しました📰】 FortiWeb ゼロデイ脆弱性による認証前RCEを発見者が解説:CVE-2025-25257によるSQLインジェクション https://t.co/5WDSFl98YM
@gmo_ierae
24 Jul 2025
5429 Impressions
11 Retweets
52 Likes
20 Bookmarks
0 Replies
3 Quotes
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) #CISO https://t.co/ZgeW672wbY https://t.co/sVXpxU4yxo
@compuchris
24 Jul 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortiWeb ゼロデイ脆弱性による認証前RCEを発見者が解説:CVE-2025-25257によるSQLインジェクション https://t.co/W6VuaIyDwu
@yousukezan
24 Jul 2025
2948 Impressions
6 Retweets
42 Likes
18 Bookmarks
0 Replies
0 Quotes
Fortinet publico correcciones para la vulnreabilidades critica CVE-2025-25257, que afecta a FortiWeb y que podría permitir que un atacante no autenticado, ejecute comandos arbitrarios de base de datos en instancias susceptibles. https://t.co/TLtwWL22mU https://t.co/F0SlOZvB40
@ciberseguridadx
23 Jul 2025
19 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Fortinet FortiWeb Vulnerability Alert! CVE-2025-25257 (CVSS 9.8) exposes systems to pre-auth RCE via SQL Injection. Patch now to secure your network! Details: https://t.co/RO8HhQO309 #Cybersecurity #Fortinet #CVE
@Andrewkek77
23 Jul 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ALERTA DE SEGURANÇA: FortiWeb sob ataque! 🚨 Múltiplas instâncias do Fortinet FortiWeb foram comprometidas com web shells, explorando a vulnerabilidade crítica CVE-2025-25257, recentemente corrigida pela Fortinet. 🔍 O que está acontecendo? A The Shadowserver Foun
@brainworkblog
22 Jul 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
fortiweb-未授权RCE(CVE-2025-25257) 漏洞简述 Fortinet 的 FortiWeb Fabric Connector 旨在成为 FortiWeb(其 Web 应用防火墙)与其他 Fortinet 生态系统产品之间的粘合剂,允许根据基础设施或威胁态势的实时变化进行动态、基于策略
@MerlinRamos_
22 Jul 2025
1472 Impressions
0 Retweets
65 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E739890-CFEA-4B7B-B78D-8CC8157BDF54",
"versionEndExcluding": "7.0.11",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B642678E-4E31-4A6B-A791-ACD5D332B175",
"versionEndExcluding": "7.2.11",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA8DE17C-1756-4B18-A956-A52CFA0967B9",
"versionEndExcluding": "7.4.8",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B739434-1979-43F9-AEC1-D287B1BCA5CA",
"versionEndExcluding": "7.6.4",
"versionStartIncluding": "7.6.0"
}
],
"operator": "OR"
}
]
}
]