FortiWeb SQL injection Vulnerability Allows Attackers to Execute Malicious SQL Commands
A critical security vulnerability has been discovered in Fortinet’s FortiWeb web application firewall that allows unauthenticated attackers to execute malicious SQL commands through the device’s graphical user interface.
The flaw, designated as CVE-2025-25257, poses significant risks to organizations relying on FortiWeb for web application protection.
Vulnerability Details
The vulnerability stems from improper neutralization of special elements used in SQL commands, classified as CWE-89 in the Common Weakness Enumeration database.
| Field | Value |
|---|---|
| CVE ID | CVE-2025-25257 |
| Severity | Critical |
| CVSS v3 Score | 9.6 |
| CWE Classification | CWE-89 (SQL Injection) |
Attackers can exploit this flaw by sending specially crafted HTTP or HTTPS requests to the FortiWeb management interface, enabling them to execute unauthorized SQL code without requiring authentication credentials.
Fortinet has assigned this vulnerability a Critical severity rating with a CVSS v3 score of 9.6, indicating the potential for complete system compromise.
The high severity reflects the vulnerability’s network accessibility, lack of authentication requirements, and potential for full confidentiality, integrity, and availability impact.
Affected Versions and Solutions
The vulnerability affects multiple FortiWeb versions across four major branches:
| Version Branch | Affected Versions | Solution |
| FortiWeb 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.7 | Upgrade to 7.4.8 or above |
| FortiWeb 7.2 | 7.2.0 through 7.2.10 | Upgrade to 7.2.11 or above |
| FortiWeb 7.0 | 7.0.0 through 7.0.10 | Upgrade to 7.0.11 or above |
Organizations using affected FortiWeb versions should prioritize immediate patching to prevent potential exploitation.
The vulnerability’s unauthenticated nature means attackers can exploit it remotely without needing valid credentials, making it particularly dangerous.
For organizations unable to immediately apply patches, Fortinet recommends disabling the HTTP/HTTPS administrative interface as a temporary workaround.
However, this mitigation may significantly impact administrative operations and should be considered a short-term measure only.
The vulnerability was discovered by Kentaro Kawane from GMO Cybersecurity by Ierae through responsible disclosure practices.
Fortinet acknowledged the researcher’s contribution and coordinated the disclosure timeline appropriately.
The vulnerability was initially published on July 8, 2025, with the internal reference number FG-IR-25-151.
The affected component is the GUI interface, and the potential impact includes the execution of unauthorized code or commands.
This vulnerability highlights the critical importance of securing management interfaces for security appliances.
When web application firewalls themselves become vulnerable to the same attacks they’re designed to prevent, the irony underscores the need for robust secure development practices across all security products.
Stay Updated on Daily Cybersecurity News . Follow us on Google News, LinkedIn, and X.
Source link
