PT-2025-28847 · Fortinet · FortiWeb

0Xbigshaq · Published 2025-07-08 · Updated 2026-03-04 · CVE-2025-25257

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiWeb versions 7.0.0 through 7.6.3
Fortinet FortiWeb versions 7.4.0 through 7.4.7
Fortinet FortiWeb versions 7.2.0 through 7.2.10
Description
Fortinet FortiWeb contains an improper neutralization of special elements used in an SQL command vulnerability (CWE-89). It allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. Exploitation involves sending specially crafted requests to the /api/fabric/device/status endpoint, potentially leading to remote code execution. Public exploits are available, and active exploitation has been observed, with numerous systems already compromised. Attackers are using various techniques, including hex-encoded payloads and the abuse of a Python feature to execute malicious code. Approximately 20,000 devices are estimated to be exposed. Multiple actors are actively exploiting this vulnerability.
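A defender reviewing web-server logs for this advisory will want a quick triage pass for requests to the named endpoint that carry hex-encoded content. The script below is an added example, not part of the advisory or Fortinet's own tooling: it assumes a combined-style access log with an optional trailing quoted field (constructed here), and its hex heuristics (SQL-style 0x literals and long bare hex runs) are an assumption about how such payloads tend to look, not a statement of the exploit's format.

```python
import re
from dataclasses import dataclass

# Endpoint named in the advisory.
TARGET_PATH = "/api/fabric/device/status"

# Heuristics (assumption, not taken from the advisory): SQL-style hex
# literals such as 0x4142..., and long runs of bare hex digits.
HEX_LITERAL = re.compile(r"0x[0-9a-fA-F]{8,}")
BARE_HEX_RUN = re.compile(r"(?<![0-9a-zA-Z])[0-9a-fA-F]{24,}(?![0-9a-zA-Z])")

# Assumed log layout: combined format plus an optional trailing quoted field
# (e.g. a logged request header). Constructed for this example.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"(?: "(?P<extra>[^"]*)")?$'
)


@dataclass
class Finding:
    client: str
    ts: str
    reasons: list


def analyse_line(line):
    """Return a Finding for a request to the target path that carries
    hex-encoded content, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("target").split("?", 1)[0]
    if path != TARGET_PATH:
        return None
    reasons = []
    # Inspect the whole logged line: the payload may sit in the query string
    # or in whichever header the log captures.
    if HEX_LITERAL.search(line):
        reasons.append("hex-literal")
    if BARE_HEX_RUN.search(line):
        reasons.append("long-hex-run")
    if not reasons:
        return None
    return Finding(m.group("client"), m.group("ts"), reasons)


def scan(lines):
    """Run analyse_line over an iterable of log lines and keep the hits."""
    return [f for f in (analyse_line(l) for l in lines) if f is not None]


# Constructed sample log lines (RFC 5737 addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Jul/2025:10:00:01 +0000] "GET /api/fabric/device/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Jul/2025:10:00:02 +0000] "GET /api/fabric/device/status?device=0x4142434445464748494a4b4c HTTP/1.1" 500 0 "-" "curl/8.0"',
    '203.0.113.9 - - [08/Jul/2025:10:00:03 +0000] "POST /login HTTP/1.1" 200 128 "-" "curl/8.0" "x-token=deadbeefdeadbeefdeadbeefdead"',
    '203.0.113.11 - - [08/Jul/2025:10:00:04 +0000] "GET /api/fabric/device/status HTTP/1.1" 200 512 "-" "python-requests/2.31" "x-token=deadbeefdeadbeefdeadbeefdead"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {','.join(f.reasons)}")
```

Default access logs usually record only the request line and a few headers, so a payload carried elsewhere in the request will not be visible to this pass; full request logging on the WAF or a reverse proxy in front of it is what makes the heuristic meaningful. Hits on a 500 status are worth prioritising, since a malformed SQL fragment tends to surface as a server error.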
Recommendations
Fortinet FortiWeb versions 7.0.0 through 7.0.10: update to version 7.0.11 or later.
Fortinet FortiWeb versions 7.2.0 through 7.2.10: update to version 7.2.11 or later.
Fortinet FortiWeb versions 7.4.0 through 7.4.7: update to version 7.4.8 or later.
Fortinet FortiWeb versions 7.6.0 through 7.6.3: update to version 7.6.4 or later.
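When the same four branch ranges have to be checked across a fleet, a small version assessor avoids off-by-one mistakes at the branch boundaries. This is an added example, not advisory or vendor code; it encodes exactly the ranges and fixed versions listed above, and a version on a branch the advisory does not mention is reported as "not-listed" rather than assumed safe.

```python
# Ranges and first fixed versions exactly as stated in the recommendations:
# (first affected, last affected, first fixed release).
AFFECTED = [
    ((7, 0, 0), (7, 0, 10), "7.0.11"),
    ((7, 2, 0), (7, 2, 10), "7.2.11"),
    ((7, 4, 0), (7, 4, 7), "7.4.8"),
    ((7, 6, 0), (7, 6, 3), "7.6.4"),
]


def parse_version(s):
    """Parse a dotted three-part FortiWeb version such as '7.4.3'.
    Rejects anything else rather than guessing (assumed input format)."""
    parts = s.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version string: {s!r}")
    return tuple(int(p) for p in parts)


def assess(version):
    """Return (status, fixed_in) where status is one of
    'affected', 'fixed' or 'not-listed'."""
    v = parse_version(version)
    for lo, hi, fixed in AFFECTED:
        if lo <= v <= hi:
            return ("affected", fixed)
        # Same branch (major.minor) and at or beyond the fixed release.
        if v[:2] == lo[:2] and v >= parse_version(fixed):
            return ("fixed", None)
    # Branches the advisory does not cover are not claimed to be safe.
    return ("not-listed", None)


def assess_fleet(inventory):
    """inventory: mapping of hostname -> version string (constructed input).
    Returns a list of (host, version, status, fixed_in) sorted with the
    affected hosts first."""
    rows = []
    for host, ver in inventory.items():
        status, fixed = assess(ver)
        rows.append((host, ver, status, fixed))
    order = {"affected": 0, "not-listed": 1, "fixed": 2}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = {"waf-edge-1": "7.4.3", "waf-edge-2": "7.6.4",
              "waf-lab": "6.4.2", "waf-dc-1": "7.0.10"}
    for host, ver, status, fixed in assess_fleet(sample):
        print(f"{host:12} {ver:8} {status:10} {fixed or ''}")
```

The "fixed" verdict only follows from the version number; it does not confirm that a device was not already compromised while it was exposed, so affected hosts still warrant the log review above before being closed out.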

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-08439
CVE-2025-25257

Affected Products

Fortiweb