A critical security vulnerability, CVE-2025-25257, was discovered in FortiWeb web application firewalls, allowing unauthenticated attackers to execute unauthorized SQL commands through crafted HTTP and HTTPS requests. This vulnerability, classified as CWE-89, poses a significant threat to organizations relying on FortiWeb for web application security. The flaw affects multiple FortiWeb versions and can lead to complete system compromise, data exfiltration, and service disruption. Organizations are urged to upgrade their FortiWeb installations to the patched versions immediately and consider disabling admin interfaces as a precaution.
Source: https://cybersecuritynews.com/fortiweb-sql-injection-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/fortinet
"id": "for553070925",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'Fortinet',
'type': 'Organization'}],
'attack_vector': 'SQL Injection',
'data_breach': {'data_exfiltration': True,
'type_of_data_compromised': 'Sensitive data'},
'description': 'A critical security vulnerability has been discovered in '
'FortiWeb web application firewalls that enables '
'unauthenticated attackers to execute unauthorized SQL '
'commands through specially crafted HTTP and HTTPS requests. '
'This vulnerability, classified as CWE-89 (Improper '
'Neutralization of Special Elements used in an SQL Command), '
'represents a significant threat to organizations relying on '
'FortiWeb for web application security.',
'impact': {'data_compromised': 'Sensitive data stored in the backend database',
'systems_affected': 'FortiWeb web application firewalls'},
'initial_access_broker': {'entry_point': 'HTTP/HTTPS administrative '
'interface'},
'lessons_learned': 'Implement coordinated vulnerability disclosure processes '
'and ensure input validation mechanisms are robust.',
'motivation': 'Unauthorized data access and manipulation',
'post_incident_analysis': {'corrective_actions': ['Patch the vulnerability',
'Disable administrative '
'interfaces',
'Implement additional '
'security measures'],
'root_causes': 'Improper input validation '
'mechanisms in the GUI component'},
'recommendations': ['Upgrade FortiWeb installations to patched versions',
'Disable administrative interfaces as a precaution',
'Implement network segmentation, access controls, and '
'continuous monitoring'],
'references': [{'source': 'GMO Cybersecurity by Ierae'}],
'response': {'containment_measures': ['Disable the HTTP/HTTPS administrative '
'interface'],
'enhanced_monitoring': True,
'network_segmentation': True,
'remediation_measures': ['Upgrade to patched versions',
'Network segmentation',
'Access controls',
'Continuous monitoring']},
'title': 'Critical SQL Injection Vulnerability in FortiWeb Web Application '
'Firewalls',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'CVE-2025-25257'}