CyberSecurity news
FlagThis
info@thehackernews.com (The@The Hacker News
//
Fortinet has issued a critical patch for a severe SQL injection vulnerability affecting its FortiWeb product. Identified as CVE-2025-25257, the flaw resides within the Fabric Connector feature. This vulnerability allows an unauthenticated attacker to execute arbitrary commands and potentially gain access to sensitive information on affected systems. The issue stems from improper input sanitization, enabling attackers to manipulate SQL queries through specially crafted HTTP requests. The vulnerability has a high severity score of 9.8 out of 10, highlighting the significant risk it poses to organizations.
The vulnerability specifically impacts multiple versions of FortiWeb, including versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10. The FortiWeb Fabric Connector acts as a crucial middleware, connecting FortiWeb web application firewalls with other Fortinet products for dynamic security updates. Attackers can exploit this flaw by sending malicious SQL payloads within HTTP Authorization headers, bypassing authentication controls and potentially leading to remote code execution. Researchers have demonstrated that this SQL injection can be escalated to achieve full system compromise by leveraging MySQL's INTO OUTFILE statement to write files to the server and executing them via Python scripts.
Given the critical nature of this vulnerability and the availability of proof-of-concept exploits, Fortinet strongly urges all users of affected FortiWeb versions to apply the provided patches immediately. Organizations should update to FortiWeb 7.6.4, 7.4.8, 7.2.11, 7.0.11, or later versions to mitigate the risk of exploitation. As a temporary workaround, disabling the HTTP/HTTPS administrative interface can also help reduce exposure until the patches can be applied. Swift action is crucial to prevent potential data breaches and unauthorized access to sensitive systems.
ImgSrc: blogger.googleu
References :
The vulnerability specifically impacts multiple versions of FortiWeb, including versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10. The FortiWeb Fabric Connector acts as a crucial middleware, connecting FortiWeb web application firewalls with other Fortinet products for dynamic security updates. Attackers can exploit this flaw by sending malicious SQL payloads within HTTP Authorization headers, bypassing authentication controls and potentially leading to remote code execution. Researchers have demonstrated that this SQL injection can be escalated to achieve full system compromise by leveraging MySQL's INTO OUTFILE statement to write files to the server and executing them via Python scripts.
Given the critical nature of this vulnerability and the availability of proof-of-concept exploits, Fortinet strongly urges all users of affected FortiWeb versions to apply the provided patches immediately. Organizations should update to FortiWeb 7.6.4, 7.4.8, 7.2.11, 7.0.11, or later versions to mitigate the risk of exploitation. As a temporary workaround, disabling the HTTP/HTTPS administrative interface can also help reduce exposure until the patches can be applied. Swift action is crucial to prevent potential data breaches and unauthorized access to sensitive systems.
ImgSrc: blogger.googleu
Share:
References :
- labs.watchtowr.com: Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs
- The Hacker News: Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
- arcticwolf.com: CVE-2025-25257: Critical Unauthenticated SQL Injection Vulnerability in FortiWeb
- Talkback Resources: Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
- cyberpress.org: Fortinet FortiWeb Vulnerability Exploited for Remote Code Execution via Fabric Connector
- Talkback Resources: Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) [app] [exp]
- cyberpress.org: Cyberpress: Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code
- Talkback Resources: Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers.
- Arctic Wolf: CVE-2025-25257: Critical Unauthenticated SQL Injection Vulnerability in FortiWeb
- hackread.com: Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)
- securityaffairs.com: Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb
- gbhackers.com: Fortinet FortiWeb Fabric Connector Flaw Enables Remote Code Execution
- Cyber Security News: Security researchers have identified a critical pre-authentication SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, designated as CVE-2025-25257, that allows unauthenticated attackers to achieve remote code execution on affected systems.
- gbhackers.com: Security researchers have identified a severe pre-authentication SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, designated as CVE-2025-25257, that allows unauthenticated attackers to execute unauthorized SQL commands and potentially achieve remote code execution.
- cert.europa.eu: On July 8, 2025, Fortinet released a security advisory addressing a critical vulnerability in its FortiWeb product that would allow an attacker to execute unauthorised code or commands on the affected systems.
Classification:
- HashTags: #Fortinet #FortiWeb #SQLInjection
- Company: Fortinet
- Target: FortiWeb users
- Product: FortiWeb
- Feature: SQL Injection
- Malware: CVE-2025-25257
- Type: Vulnerability
- Severity: Critical