Fortinet FortiWeb Vulnerability Exploited: Patch Now
Researchers have discovered a serious vulnerability in Fortinet's FortiWeb product, leading to widespread exploitation. The SQL injection flaw, identified as CVE-2025-25257, allows unauthenticated attackers to execute unauthorized commands. Administrators are urged to apply available patches immediately.
The vulnerability was first exploited on July 11, just a day after a proof-of-concept (PoC) exploit was published. Kentaro Kawane from GMO Cybersecurity reported the issue under responsible disclosure. Fortinet has since released security patches in versions 7.6.4, 7.4.8, 7.2.11, and 7.0.11.
WatchTowr researchers found the security patch by comparing binary differences between Fortinet's service versions 7.6.3 and 7.6.4. They successfully demonstrated the exploit by crafting a file that ran their desired Python code when a CGI script was triggered. Shadowserver researchers observed a significant decrease in FortiWeb hacks, from 85 to 35, following the release of the patches on July 18.
Over 20,000 Fortinet FortiWeb devices remain online, but many are not clearly exposed, leaving their vulnerability status uncertain. Administrators are advised to check their systems, apply available patches, and monitor security reports to ensure the safety of their networks.
Read also:
- Web3 social arcade extends Pixelverse's tap-to-earn feature beyond Telegram to Base and Farcaster platforms.
- Over 5,600 Road Safety Violations Caught in Manchester Trial
- Quintauris & Everspin Team Up to Boost RISC-V Reliability in Automotive
- Jaguar Land Rover Resumes Production After Cyberattack, UK Govt & Banks Provide £3.5B Support
