FortiWeb — Critical SQL injection vulnerability
Fortinet has patched a critical flaw in its FortiWeb web application firewall that could allow unauthenticated attackers to execute unauthorized SQL commands and achieve remote code execution.
The vulnerability is tracked as CVE-2025-25257 (CVSS score 9.6): improper neutralization of special elements used in SQL commands (SQL injection) within FortiWeb’s Graphical User Interface (GUI) component.
Affected versions:
- FortiWeb 7.6: versions 7.6.0 through 7.6.3
- FortiWeb 7.4: versions 7.4.0 through 7.4.7
- FortiWeb 7.2: versions 7.2.0 through 7.2.10
- FortiWeb 7.0: versions 7.0.0 through 7.0.10
Patched versions:
- FortiWeb 7.6: versions 7.6.4 or above
- FortiWeb 7.4: versions 7.4.8 or above
- FortiWeb 7.2: versions 7.2.11 or above
- FortiWeb 7.0: versions 7.0.11 or above
For organizations unable to upgrade to the fixed versions immediately, a temporary mitigation is to disable the HTTP/HTTPS administrative interface. This mitigation may limit administrative capabilities and is not considered a permanent solution.
Take action: If you have Fortinet FortiWeb systems running versions 7.0 through 7.6.3, make sure the web admin interface is isolated from the internet and accessible only from trusted networks. Then plan a prompt patch. If you can’t patch for an extended period (more than a few weeks), consider disabling the web admin interface: that blocks the attacks, but it also blocks your normal admin work. It is simpler to patch.
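To turn the affected and patched ranges above into a repeatable inventory check, here is an added Python example (not code from the post or from Fortinet). It encodes the four branches exactly as the advisory lists them, parses a FortiWeb version string, and reports for each device whether it is vulnerable, already patched, or on a branch the advisory does not cover. The inventory rows, the `admin_iface_internet_exposed` flag and the handling of an optional `,build...` suffix are assumptions made for the example.

```python
"""Triage a FortiWeb inventory against the CVE-2025-25257 version ranges.

Added example; the ranges below are copied from the advisory text above.
"""

# Branch -> (first affected, last affected, first fixed), per the advisory.
CVE_2025_25257_RANGES = {
    "7.6": ((7, 6, 0), (7, 6, 3), (7, 6, 4)),
    "7.4": ((7, 4, 0), (7, 4, 7), (7, 4, 8)),
    "7.2": ((7, 2, 0), (7, 2, 10), (7, 2, 11)),
    "7.0": ((7, 0, 0), (7, 0, 10), (7, 0, 11)),
}


def parse_version(text):
    """Turn '7.4.7' into (7, 4, 7).

    Assumption for this example: a trailing ',build...' or '-...' suffix may
    follow the numeric version and is ignored.
    """
    core = text.strip().split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized FortiWeb version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text):
    """Return (status, first_fixed_version_or_None).

    status is 'vulnerable', 'patched' or 'unknown-branch' (the advisory
    lists only the 7.0/7.2/7.4/7.6 branches).
    """
    version = parse_version(version_text)
    branch = f"{version[0]}.{version[1]}"
    ranges = CVE_2025_25257_RANGES.get(branch)
    if ranges is None:
        return "unknown-branch", None
    low, high, fixed = ranges
    if low <= version <= high:           # tuple comparison handles 7.2.10 > 7.2.9
        return "vulnerable", ".".join(str(n) for n in fixed)
    return "patched", None


def triage(inventory):
    """inventory: iterable of (hostname, version, admin_iface_internet_exposed).

    Returns a list of (hostname, status, recommended action), with devices
    whose admin interface is internet-exposed flagged first in the action text.
    """
    findings = []
    for host, ver, exposed in inventory:
        try:
            status, fix = assess(ver)
        except ValueError as exc:
            findings.append((host, "parse-error", str(exc)))
            continue
        if status == "vulnerable":
            action = f"upgrade to {fix} or above"
            if exposed:
                action = ("URGENT: admin interface reachable from the internet; "
                          "restrict or disable it, then " + action)
        elif status == "patched":
            action = "no action for CVE-2025-25257"
        else:
            action = "branch not listed in the advisory; check Fortinet PSIRT"
        findings.append((host, status, action))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hostnames, versions and exposure are made up).
    sample = [
        ("waf-dmz-01", "7.4.7", True),
        ("waf-dmz-02", "7.4.8", True),
        ("waf-lab-01", "7.6.3,build1234", False),
        ("waf-old-01", "6.4.2", False),
    ]
    for row in triage(sample):
        print(*row, sep=" | ")
```

Feed `triage()` the output of your asset inventory (hostname, reported version, whether the admin interface is reachable from untrusted networks) and act on the `vulnerable` rows first, starting with those marked URGENT.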
Need Help?
The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Contact Us: https://www.socfortress.co/contact_form.html