4 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
FortiWeb SQL Injection Vulnerability
CVSS Score: 9.6 (Critical)
Identifier: CVE-2025-25257
Exploit or POC: No known active exploitation, but patches released proactively
Update: CVE-2025-25257 – Fortinet Security Advisory
Description: CVE-2025-25257 is a critical SQL injection vulnerability affecting the FortiWeb Web Application Firewall GUI. An unauthenticated attacker can exploit this flaw by sending specially crafted HTTP or HTTPS requests, injecting SQL commands into the backend database. This allows unauthorized access to data, modification or deletion of entries, and potential arbitrary code execution under the application’s context. Fortinet warns that exploiting this flaw requires no credentials and can be performed remotely, making it especially dangerous for exposed management interfaces.
Affected Versions:
- FortiWeb 7.6.0 through 7.6.3
- FortiWeb 7.4.0 through 7.4.7
-
FortiWeb 7.2.0 through 7.2.10
- FortiWeb 7.0.0 through 7.0.10
Mitigation Recommendation:
Upgrade immediately to the patched versions:
- 7.6.4 or later
- 7.4.8 or later
- 7.2.11 or later
- 7.0.11 or later
If patching cannot be completed promptly, disable HTTP/HTTPS administrative access to the GUI temporarily.
Monitor traffic to the GUI interface and implement web application firewall rules or intrusion prevention that detect SQL injection patterns.
Perform internal and external vulnerability scanning focusing on SQL injection and ensure management interfaces are segmented and not internet-facing.
