Two proof-of-concept (PoC) exploits were made public late last week for a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall (CVE-2025-25257). Attackers are expected to leverage this vulnerability soon.
TPRM report: https://scoringcyber.rankiteo.com/company/fortinet
"id": "for705072025",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "7/2025",
"severity": "75",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
'name': 'Google',
'type': 'Corporation'},
{'industry': 'Cybersecurity',
'name': 'Fortinet',
'type': 'Corporation'}],
'attack_vector': ['Browser Exploit', 'SQL Injection'],
'description': 'Google has patched a Chrome zero-day vulnerability '
'(CVE-2025-6558) exploited by attackers. Additionally, two '
'proof-of-concept (PoC) exploits for a critical SQL command '
'injection vulnerability in Fortinet’s FortiWeb web '
'application firewall (CVE-2025-25257) have been made public.',
'impact': {'systems_affected': ['Google Chrome', 'Fortinet FortiWeb']},
'references': [{'source': 'Help Net Security'}],
'title': 'Google Chrome Zero-Day Vulnerability (CVE-2025-6558) and FortiWeb '
'RCE Vulnerability (CVE-2025-25257)',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': ['CVE-2025-6558', 'CVE-2025-25257']}