CyberSecurityBoard
Sponsor Register Login

FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code

The vulnerability allows for SQL injection attacks where malicious SQL code is injected into database queries, potentially enabling attackers to read, modify, or delete sensitive data stored in the backend database. The fact that unauthenticated attackers can exploit this vulnerability significantly amplifies its risk profile, as no prior system access or credentials are required to launch attacks. The vulnerability affects multiple FortiWeb versions across different release branches. The FortiWeb SQL injection vulnerability originates from the product’s GUI component’s improper input validation mechanisms. Critical FortiWeb flaw, CVE-2025-25257, lets attackers run malicious SQL via crafted requests. The vulnerability has been assigned CVE-2025-25257 and carries a CVSS v3 score of 9.6, indicating its critical severity level. This could lead to complete system compromise, data exfiltration, service disruption, or lateral movement within the network infrastructure. FortiWeb 7.2 versions 7.2.0 through 7.2.10 require upgrading to 7.2.11 or above, while FortiWeb 7.0 versions 7.0.0 through 7.0.10 need upgrading to 7.0.11 or above. Exploitation can compromise data and system security. FortiWeb 7.4 versions 7.4.0 through 7.4.7 need upgrading to 7.4.8 or above.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Jul 2025 10:35:09 +0000


Cyber News related to FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code

Fortinet FortiWeb Instances Hacked with Webshells Following Public PoC Exploits - Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The flaw, discovered by security researcher Kentaro Kawane of ...
5 months ago Cybersecuritynews.com CVE-2025-25257
CVE-2023-25602 - A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and ...
2 years ago
FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code - The vulnerability allows for SQL injection attacks where malicious SQL code is injected into database queries, potentially enabling attackers to read, modify, or delete sensitive data stored in the backend database. The fact that unauthenticated ...
6 months ago Cybersecuritynews.com CVE-2025-25257
CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks - “An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs ...
5 months ago Cybersecuritynews.com
New Fortinet FortiWeb hacks likely linked to public RCE exploits - Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257. "An improper neutralization of ...
5 months ago Bleepingcomputer.com CVE-2025-25257
CVE-2025-64447 - A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may ...
1 month ago
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now - Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. "An improper neutralization of special elements used ...
6 months ago Bleepingcomputer.com
Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code - A critical security vulnerability in Fortinet’s FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication. Watchtower researchers analyzing the ...
6 months ago Cybersecuritynews.com
CVE-2025-64446 - A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative ...
2 months ago
CVE-2023-23782 - A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via ...
2 years ago
CVE-2025-64471 - A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 ...
1 month ago
CVE-2022-22297 - An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all ...
2 years ago
CVE-2023-33305 - A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version ...
2 years ago
CVE-2025-59669 - A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service ...
1 month ago
CVE-2022-39951 - A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute ...
2 years ago
Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More - Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild. The Node.js project released security updates on July 15, 2025, to fix ...
5 months ago Cybersecuritynews.com CVE-2025-6558
CVE-2023-23780 - A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests. ...
2 years ago
CVE-2023-23784 - A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests. ...
2 years ago
CVE-2022-42471 - An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an ...
2 years ago
CVE-2025-59719 - An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a ...
1 month ago
What is SEO Poisoning Attack? - Search engine optimization (SEO) poisoning is a type of cyber attack that infiltrates search results. It consists of malicious search engine results created by an attacker attempting to redirect someone to malicious or vulnerable webpages. It is a ...
2 years ago Heimdalsecurity.com
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
1 year ago Unit42.paloaltonetworks.com
CVE-2017-3129 - A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. ...
8 years ago
CVE-2023-23783 - A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. ...
2 years ago
CVE-2024-21758 - A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack ...
1 year ago Tenable.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)