Fortinet’s FortiWeb WAF contains a serious SQL injection vulnerability.

July 9, 2025No CommentsCybersecurity News

TL;DR

Fortinet’s FortiWeb web application firewall (WAF), widely used to protect web applications from cyber threats, has been found to contain a critical SQL injection vulnerability. Tracked as CVE-2025-25257, this flaw poses a significant risk to organizations relying on FortiWeb for application security and protection.

Nature of the Vulnerability

The vulnerability, classified as a SQL injection (CWE-89), affects the FortiWeb management interface accessible via HTTP or HTTPS. It allows remote, unauthenticated attackers to send specially crafted requests that can execute arbitrary SQL commands on the underlying system. With a CVSS v3 score of 9.6, the vulnerability is considered critical due to its ease of exploitation and potential impact.

Potential Impact

If exploited, this vulnerability could enable attackers to:

Gain unauthorized access to sensitive data stored in the database
Alter or delete database records
Potentially compromise the entire FortiWeb system

Such consequences could lead to data breaches, service disruptions, and further exploitation within the affected organization’s network.

Affected Versions

The following FortiWeb versions are impacted:

Version	Affected Releases	Fixed In
7.6	7.6.0 – 7.6.3	7.6.4 and above
7.4	7.4.0 – 7.4.7	7.4.8 and above
7.2	7.2.0 – 7.2.10	7.2.11 and above
7.0	7.0.0 – 7.0.10	7.0.11 and above

Recommended Actions

Immediate Patch:
Fortinet has released security updates addressing this vulnerability. All users are strongly urged to upgrade to the latest patched versions listed above without delay.

Temporary Workaround:
If immediate patching is not feasible, organizations should disable the HTTP/HTTPS administrative interface, which serves as the primary attack vector. However, this measure may impact manageability and should only be considered a short-term solution.

Additional Best Practices:

Restrict access to the administrative interface to trusted networks only
Monitor system logs for signs of suspicious activity
Apply all security patches as soon as they become available

Update 7/11/2025

Fortinet has released patches for a critical SQL injection vulnerability in its FortiWeb Web Application Firewall (WAF), tracked as CVE-2025-25257.

Fortinet FortiWeb

Last updated on July 12, 2025

Comments

No comments yet. Why don’t you start the discussion?

Leave a ReplyCancel reply

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC