Critical SQL injection vulnerability in Fortinet FortiWeb WAF allowing unauthenticated attackers to execute arbitrary SQL and code via crafted HTTP/HTTPS requests. CISA has confirmed active exploitation in the wild with public PoC available.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-07-17
Added to CISA KEV: 2025-07-18 1 DAY BETWEEN CVE AND KEV
On July 8, 2025, Fortinet disclosed CVE-2025โ25257, a severe SQL injection vulnerability in their FortiWeb web application firewall. This unauthenticated flaw allows attackers to execute arbitrary code with root privileges, posing a massive risk to organizations.
A critical vulnerability was recently identified in Fortinetโs FortiWeb product: CVE-2025โ25257, affecting web application firewalls (WAFs) globally. This vulnerability allows unauthenticated remote code execution (RCE), posing significant risk to exposed assets.
Fortinet released fixes for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via crafted HTTP ...
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
The vulnerability, tracked as CVE-2025-25257, affects Fortinetโs FortiWeb web application firewall and carries a severe CVSS score of 9.6 out of 10.CVE-2025-25257 exploitation activity observed since Jul 11th,โ The Shadowserver Foundation reported.