CVE-2025-25257
Published Jul 17, 2025
Last updated a month ago
AI description
CVE-2025-25257 is a critical SQL injection vulnerability (CWE-89, improper neutralization of special elements used in an SQL command) in Fortinet's FortiWeb web application firewall. According to the write-ups and exploitation reports collected below, the injection sits in the Fabric Connector API (requests to /api/fabric/device/status) and is reached through the parsing of the Authorization: Bearer token, so no credentials are needed. Beyond reading or altering the FortiWeb database, the injection has been chained into file creation and unauthenticated remote code execution; a proof of concept was published on July 11, 2025, and The Shadowserver Foundation reported dozens of appliances carrying web shells within days. It carries a CVSS 3.1 base score of 9.8 (the vendor advisory is widely cited at 9.6), and CISA added it to the Known Exploited Vulnerabilities catalog on Jul 18, 2025. Affected versions are 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10; the NVD applicability data at the end of this page puts the fixed releases at 7.6.4, 7.4.8, 7.2.11 and 7.0.11. Because the flaw is pre-authentication, keeping the HTTP/HTTPS management and API interface off untrusted networks limits exposure until the patch is applied, but it is not a substitute for it.
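The endpoint (/api/fabric/device/status), the Bearer-token injection point, the /**/ comment-as-whitespace trick and the hex-encoded payloads all come from the exploitation reports quoted further down this page. The Python below is an added triage example, not code from this page, from Fortinet or from any of the quoted researchers: it normalises the token the way a MySQL parser would see it and flags SQL syntax in it. The "METHOD PATH | Authorization: Bearer <token>" log format and every sample line are constructed for illustration and do not reflect a real FortiWeb log format.

```python
"""Flag requests to the FortiWeb Fabric Connector endpoint whose Bearer
token carries SQL syntax.  Added triage example; the request-log format
and the sample lines are constructed, not a FortiWeb log format."""
import binascii
import re
from urllib.parse import unquote

# Endpoint named in the exploitation reports on this page.
TARGET_PATH = "/api/fabric/device/status"

# RFC 6750 b64token grammar: a well-formed Bearer token never contains
# quotes, semicolons, spaces or parentheses.  Anything else is at best
# malformed and, on this endpoint, worth a closer look.
B64TOKEN_RE = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")

# Constructed request-log format: "METHOD PATH | Authorization: Bearer <token>"
LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+\|\s+Authorization:\s+Bearer\s+(?P<token>.*)$"
)

# (label, pattern) pairs evaluated against the normalised token.
INDICATORS = [
    ("quote", r"'"),
    ("terminator", r";"),
    ("comment", r"--"),
    ("ddl", r"\b(create|drop|alter)\s+table\b"),
    ("dml", r"\b(select|insert|update|delete)\b"),
    ("file-write", r"\binto\s+(out|dump)file\b"),
]


def _decode_hex_literal(match: re.Match) -> str:
    """Turn a MySQL-style 0x... literal into its text so keyword matching
    sees what the database would see; leave odd-length sequences alone."""
    try:
        return binascii.unhexlify(match.group(1)).decode("latin-1")
    except (binascii.Error, ValueError):
        return match.group(0)


def normalize(token: str) -> str:
    """Undo the three evasions reported in the feed: URL-encoding,
    /**/ used as whitespace, and hex-encoded string literals."""
    t = unquote(token)
    t = re.sub(r"/\*.*?\*/", " ", t)
    t = re.sub(r"0x([0-9a-fA-F]+)", _decode_hex_literal, t)
    return t.lower()


def analyze_line(line: str):
    """Return None for lines that are not requests to the Fabric Connector
    endpoint, otherwise a dict describing whether the token is suspicious."""
    m = LINE_RE.match(line)
    if not m:
        return None
    if m.group("path").split("?", 1)[0] != TARGET_PATH:
        return None
    raw = m.group("token")
    norm = normalize(raw)
    hits = [label for label, pat in INDICATORS if re.search(pat, norm)]
    well_formed = bool(B64TOKEN_RE.match(raw))
    return {
        "raw_token": raw,
        "normalized": norm,
        "well_formed": well_formed,
        "indicators": hits,
        "suspicious": bool(hits) or not well_formed,
    }


def scan_log(lines):
    """Return the analysis of every suspicious Fabric Connector request."""
    out = []
    for line in lines:
        result = analyze_line(line)
        if result and result["suspicious"]:
            out.append(result)
    return out


# Constructed sample lines: one benign token, a CREATE TABLE probe shaped
# like the one quoted on this page, a URL-encoded hex-literal file write
# (mirroring the "writes a string into a .txt file" report), a request to
# an unrelated endpoint, and a quote smuggled in as a hex literal.
SAMPLE_LOG = [
    "GET /api/fabric/device/status | Authorization: Bearer abc123.def456",
    "GET /api/fabric/device/status | Authorization: Bearer ';create/**/table/**/fabric_user.a/**/(a/**/TEXT);--",
    "GET /api/fabric/device/status | Authorization: Bearer '%3Bselect%2F**%2F0x414243%2F**%2Finto%2F**%2Foutfile%2F**%2F'/tmp/a.txt'%3B--",
    "GET /api/v2.0/cmdb/system/status | Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.x.y",
    "GET /api/fabric/device/status | Authorization: Bearer 0x27',1=1--",
]

if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        print(r["indicators"], "<-", r["raw_token"])
```

The b64token grammar check is the part worth keeping in production: it is an allowlist, so it catches payload encodings this script does not decode, whereas the indicator list only documents what has been seen so far.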
- Description
- An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortiweb
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet FortiWeb SQL Injection Vulnerability
- Exploit added on
- Jul 18, 2025
- Exploit action due
- Aug 8, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weaknesses
- Source
- psirt@fortinet.com
- CWE
- CWE-89
- Hype score
- Not currently trending
Mass exploitation of CVE-2025-25257 from 36.232.42.148 🇹🇼 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 🟢 Payload: 📸 Uses multiple hex-encoded payloads to execute the following: import os # os#!/bin/sh -- pype: text/html\r\n";printf https://
@DefusedCyber
26 Aug 2025
884 Impressions
2 Retweets
12 Likes
2 Bookmarks
0 Replies
1 Quote
I just noticed CVE-2025-25257 and had a giggle. Not because it's yet another Fortinet remote bug. But because it's a SQLi, in a WAF product. The irony...
@hkashfi
25 Aug 2025
90277 Impressions
36 Retweets
268 Likes
40 Bookmarks
10 Replies
4 Quotes
Mass exploitation of CVE-2025-25257 from 85.237.206.10 🇹🇼 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 🟢 Payloads: 📸 Attempts modification of a password file and afterwards writes a string ("batch_test_h*cked!") into a .txt file https://t.co/Jn0kt
@DefusedCyber
25 Aug 2025
1797 Impressions
4 Retweets
14 Likes
2 Bookmarks
0 Replies
1 Quote
#VulnerabilityReport #CISAKEV FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available! https://t.co/Rutm4xDzIG
@Komodosec
24 Aug 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Three individual but associated IPs mass exploiting FortiWeb (CVE-2025-25257) all from AS 4134 ( Chinanet ) 113.25.3.28 🇨🇳 113.25.13.159 🇨🇳 113.25.9.64 🇨🇳 All have 0/94 VirusTotal detections Exploits occurred within 8 seconds of each other over 3 different F
@DefusedCyber
21 Aug 2025
799 Impressions
3 Retweets
13 Likes
4 Bookmarks
0 Replies
0 Quotes
Active adversary mass exploiting CVE-2025-25257 (FortiWeb critical pre-auth SQL injection) - attacks originating from Hetzner VT Detections: 0/94 🚨Attacker is currently engaged with our sandbox, further details to be released Payloads: Uses CVE-2025-25257 to establish
@DefusedCyber
21 Aug 2025
1533 Impressions
5 Retweets
21 Likes
3 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-25257 - critical 🚨 Fortinet FortiWeb - SQL Injection > An improper neutralization of special elements used in an SQL command ('SQL Injection... 👾 https://t.co/MIZGA26CpP @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
19 Aug 2025
148 Impressions
0 Retweets
1 Like
3 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-25257 from 45.11.80.242 🇮🇹(FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 Payloads (shortened for brevity): Under path GET /api/fabric/device/status: ';create/**/table/**/fabric_user.a/**/(a/**/TEXT);-- https://t.co/pqkjR
@DefusedCyber
19 Aug 2025
2686 Impressions
13 Retweets
36 Likes
22 Bookmarks
0 Replies
0 Quotes
Mass exploitation of CVE-2025-25257 from 196.00.00.00 🇲🇦 (FortiWeb critical pre-auth SQL injection) @KeCIRT @CA_Kenya @MoICTKenya @ICTAuthorityKE @kcsfa @CSAGhana @AcdfNetworks @SASRA_ke @CBKKenya @ODPC_KE https://t.co/zwnazxXLfy
@Ke_Cyber
19 Aug 2025
192 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Mass exploitation of CVE-2025-25257 from 121.122.33.117 🇲🇾 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 Multiple Payloads: 🧵 GET /api/fabric/device/status HTTP/1.1 Host: xxx User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, b
@DefusedCyber
19 Aug 2025
2523 Impressions
1 Retweet
13 Likes
4 Bookmarks
1 Reply
2 Quotes
#VulnerabilityReport #CVE202525257 CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published https://t.co/LpJrVgVAfA
@Komodosec
18 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-25257 (FortiWeb SQL Injection) 104.28.253.229 🇩🇿AS 13335 ( CLOUDFLARENET ) 0/94 detections on VirusTotal https://t.co/MABXWMaMcf
@DefusedCyber
18 Aug 2025
952 Impressions
3 Retweets
7 Likes
3 Bookmarks
0 Replies
1 Quote
Mass exploitation of CVE-2025-25257 from 196.75.238.72 🇲🇦 (FortiWeb critical pre-auth SQL injection) VT Detections: 0/94 Payload: GET /api/fabric/device/status HTTP/1.1 Host: xxxxxx User-Agent: python-requests/2.32.4 Accept-Encoding: gzip, deflate, br, zstd Accept: */*
@DefusedCyber
18 Aug 2025
25882 Impressions
67 Retweets
255 Likes
178 Bookmarks
4 Replies
3 Quotes
CVE-2025-25257: An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands… https://t.co/E6PtqUf8GV #cyber #threathunting #infosec
@blueteamsec1
10 Aug 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
On July 18, 2025, CISA added a new actively exploited vulnerability—CVE-2025-25257—to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw impacts Fortinet FortiWeb and allows unauthenticated attackers to execute arbitrary commands via crafted HTTP/S requests.
@MainNerve
9 Aug 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-25257 – Pre-Authentication SQL Injection with Possible Remote Code Execution in FortiWeb. A critical SQL injection vulnerability (CWE-89) was discovered in the Fabric Connector component of FortiWeb https://t.co/muye8x8gGy
@BanCERT_gt
2 Aug 2025
13 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE
@ptdbugs
1 Aug 2025
160 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Building on the Kingdom of Saudi Arabia's 🇸🇦 leadership in cybersecurity, represented by @NCA_KSA, and as part of its proactive efforts to monitor cyber threats and vulnerabilities, it developed
@abdul__alamri
1 Aug 2025
1951 Impressions
7 Retweets
12 Likes
1 Bookmark
0 Replies
0 Quotes
Hey security folks! Just dropped a deep dive on CVE-2025-25257 CVSS 9.8 Critical FortiWeb SQL injection → RCE Full PoC, environment setup, interactive shell Affects versions 7.0.0-7.6.3 Read here: https://t.co/kItfxLJLvU #InfoSec #Cybersecurity
@itgather
28 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Blog post published 📰】 The discoverer explains pre-auth RCE through a FortiWeb zero-day vulnerability: SQL injection via CVE-2025-25257 https://t.co/5WDSFl98YM
@gmo_ierae
24 Jul 2025
5429 Impressions
11 Retweets
52 Likes
20 Bookmarks
0 Replies
3 Quotes
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) #CISO https://t.co/ZgeW672wbY https://t.co/sVXpxU4yxo
@compuchris
24 Jul 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The discoverer explains pre-auth RCE through a FortiWeb zero-day vulnerability: SQL injection via CVE-2025-25257 https://t.co/W6VuaIyDwu
@yousukezan
24 Jul 2025
2948 Impressions
6 Retweets
42 Likes
18 Bookmarks
0 Replies
0 Quotes
Fortinet published fixes for the critical vulnerability CVE-2025-25257, which affects FortiWeb and could allow an unauthenticated attacker to execute arbitrary database commands on susceptible instances. https://t.co/TLtwWL22mU https://t.co/F0SlOZvB40
@ciberseguridadx
23 Jul 2025
19 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Fortinet FortiWeb Vulnerability Alert! CVE-2025-25257 (CVSS 9.8) exposes systems to pre-auth RCE via SQL Injection. Patch now to secure your network! Details: https://t.co/RO8HhQO309 #Cybersecurity #Fortinet #CVE
@Andrewkek77
23 Jul 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SECURITY ALERT: FortiWeb under attack! 🚨 Multiple Fortinet FortiWeb instances have been compromised with web shells through exploitation of the critical vulnerability CVE-2025-25257, recently patched by Fortinet. 🔍 What is happening? The Shadowserver Foun
@brainworkblog
22 Jul 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
fortiweb unauthenticated RCE (CVE-2025-25257) Vulnerability summary: Fortinet's FortiWeb Fabric Connector is designed to be the glue between FortiWeb (its web application firewall) and other products in the Fortinet ecosystem, allowing dynamic, policy-based
@MerlinRamos_
22 Jul 2025
1472 Impressions
0 Retweets
65 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet FortiWeb flaw exploited hours after PoC release CVE-2025-25257 (CVSS 9.6), a critical SQL injection flaw in Fortinet FortiWeb was exploited the same day a proof-of-concept (PoC) was published on July 11, leading to dozens of system compromises. The vulnerability allows
@dCypherIO
21 Jul 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortiWeb Pre-Auth RCE (CVE-2025-25257) https://t.co/2lTpt8Imyc
@_r_netsec
21 Jul 2025
4002 Impressions
15 Retweets
53 Likes
22 Bookmarks
1 Reply
0 Quotes
⚠️ Security warning 🔥 Vulnerability: CVE-2025-25257. Targeted product: FortiWeb (WAF). Severity: high. Threat: this vulnerability allows remote, unauthorized attackers to carry out a SQL injection attack on
@BasharALYAsser1
20 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release https://t.co/OJAgEQeZKf #patchmanagement
@eyalestrin
20 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection vulnerability (CVE-2025-25257) in Fortinet's FortiWeb web firewall to its list of known and exploited
@Takianco
20 Jul 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortinet FortiWeb hacked due to a critical SQL injection flaw (CVE-2025-25257) after PoC exploits went public! 😱 #Fortinet No need to worry about patches or updates with WEBOUNCER by https://t.co/YvUrFmPcXS. #Impenetrable defense 🦾 - https://t.co/hZFCO9j5Ay
@BrainLabVisions
20 Jul 2025
37 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2025-25257: Pre-auth SQL Injection leading to RCE in Fortinet FortiWeb Fabric Connector. https://t.co/dobPXY4Iln Today’s 1day1line covers an unauthenticated SQL Injection in FortiWeb via Bearer token parsing, allowing file creation and potential command
@hackyboiz
20 Jul 2025
3325 Impressions
19 Retweets
49 Likes
16 Bookmarks
0 Replies
0 Quotes
CVE-2025-25257 - FortiWeb Unauthenticated SQLi to RCE 💣 🔴 TIPO: SQLI + RCE 🔍 DORK (Zoomeye): app="FortiWeb WAF" 💣 EXPLOIT: https://t.co/70pEFrhUPZ https://t.co/xjH59LWQDb
@FsecIntelEs
20 Jul 2025
102 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Critical flaw in Fortinet FortiWeb (CVE-2025-25257) exploited, compromising dozens of systems. #CyberSecurity #Fortinet https://t.co/BNFPTFwpGv https://t.co/w5L3f2QigU
@CyberHub_blog
19 Jul 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25257 An improper neutralization of special elements used in an SQL command vulnerability [CWE-89] in Fortinet FortiWeb.. Github link: https://t.co/hAXoI21IeL
@PoC_in_Github
19 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
US CISA has added a vulnerability with confirmed exploitation #KEV to its catalog. 🛡️No.1382 CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability ============= CVSS score: 9.8 (Base) / Fortinet, Inc. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Type: S
@piyokango
19 Jul 2025
6644 Impressions
4 Retweets
16 Likes
6 Bookmarks
0 Replies
0 Quotes
A serious vulnerability in Fortinet FortiWeb was disclosed this month, rated 9.6/10 (SQL command injection). - CVE-2025-25257 A wave of attacks began as soon as the exploit code was published, with 85 confirmed compromises. https://t.co/XfxzXZfNq
@cyberscastx
19 Jul 2025
8660 Impressions
2 Retweets
69 Likes
48 Bookmarks
2 Replies
0 Quotes
CVE-2025-25257 #FortiWeb SQL Injection Vulnerability: https://t.co/Gc8gOg41QI
@Iambivash007
19 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Heads up! CISA just dropped CVE-2025-25257, a nasty SQL injection flaw targeting Fortinet firewalls. Remember, in cybersecurity, complacency is the enemy! Stay vigilant! #Cybersecurity #CVE #Fortinet https://t.co/1Cjv80Ff3R
@windowsforum
18 Jul 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️We added Fortinet FortiWeb SQL injection vulnerability CVE-2025-25257 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/LUJNGYEdvZ
@CISACyber
18 Jul 2025
4220 Impressions
17 Retweets
34 Likes
5 Bookmarks
0 Replies
0 Quotes
Hackers target unpatched Fortinet devices. Prioritize Fortinet updates to block CVE-2025-25257 exploits and protect your systems. Details: https://t.co/0Nt8SeAItY https://t.co/279UlV0YZe
@blackbeltsecure
18 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An extremely dangerous zero-day in Fortinet's security product 'FortiWeb' ⚡⚠️ The newly discovered 'CVE-2025-25257' is a hole that lets the database be manipulated without logging in. By exploiting it, attackers can get into the system at will
@log_sho_dev
18 Jul 2025
127 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) #CISO https://t.co/TWYGraNNH3 https://t.co/RpvOotzPjD
@compuchris
17 Jul 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet FortiWeb is affected by CVE-2025-25257, a vulnerability allowing unauthenticated remote code execution. Security teams are advised to review the technical details and apply mitigations.Details in comment. https://t.co/8MLrRC90W4
@FireCompass
17 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-25257 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0… https://t.co/cKCSx9sIeR
@CVEnew
17 Jul 2025
338 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical RCE vulnerability CVE-2025-25257 affecting Fortinet FortiWeb could allow unauthenticated command execution. If your systems rely on FortiWeb, immediate action is advised. Read the full article here: https://t.co/hVCQBKioTw https://t.co/RPVPSbOq2N
@FireCompass
17 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A Critical Vulnerability exists in FortiWeb (CVE-2025-25257). Please see the @ncsc_gov_ie advisory for more info: https://t.co/DADf6CKy2S
@ncsc_gov_ie
17 Jul 2025
212 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious vulnerability (CVE-2025-25257) was found in Fortinet's FortiWeb, and publicly released attack code is compromising large numbers of devices worldwide. According to The Shadowserver Foundation, 77 FortiWeb devices have had web shells installed, with the United States
@yousukezan
17 Jul 2025
723 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Multiple Fortinet FortiWeb instances have been compromised via publicly released exploits for CVE-2025-25257, leading to webshell infections. Proper patching is essential to prevent similar breaches. #WebApp #SecurityPhases #USA https://t.co/XYTCDUDOnA
@TweetThreatNews
16 Jul 2025
103 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E739890-CFEA-4B7B-B78D-8CC8157BDF54",
"versionEndExcluding": "7.0.11",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B642678E-4E31-4A6B-A791-ACD5D332B175",
"versionEndExcluding": "7.2.11",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA8DE17C-1756-4B18-A956-A52CFA0967B9",
"versionEndExcluding": "7.4.8",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B739434-1979-43F9-AEC1-D287B1BCA5CA",
"versionEndExcluding": "7.6.4",
"versionStartIncluding": "7.6.0"
}
],
"operator": "OR"
}
]
}
]