Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication
securityweek
Hackers started targeting a recently patched critical-severity vulnerability in Fortinet FortiWeb on the same day that proof-of-concept (PoC) exploit code was shared publicly.
Tracked as CVE-2025-25257 (CVSS score of 9.6), the flaw is described as an SQL injection issue that allows unauthenticated attackers to run unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
Fortinet released fixes for the security defect on July 8, crediting Kentaro Kawane from GMO Cybersecurity by Ierae for reporting it.
FortiWeb versions 7.6.4, 7.4.8, 7.2.11, and 7.0.11 contain the necessary patches, and users are advised to update as soon as possible or, if patching is not possible, to disable the HTTP/HTTPS administrative interface.
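A small triage helper, added here as an example and not code from the article or from Fortinet: given a FortiWeb version string, it reports whether the build is at or above the fixed release the article names for its branch. It assumes that later patch builds in the same branch also carry the fix, accepts an optional "v" prefix and a trailing comma-separated build tag (both assumed input formats), and treats any branch the article does not list as unknown rather than guessing.

```python
from typing import Dict, Tuple

# Fixed releases named in the article for CVE-2025-25257, keyed by (major, minor) branch.
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (7, 6): (7, 6, 4),
    (7, 4): (7, 4, 8),
    (7, 2): (7, 2, 11),
    (7, 0): (7, 0, 11),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '7.4.7', 'v7.4.7' or '7.4.7,build1234' (assumed formats) into (major, minor, patch)."""
    core = text.strip().lstrip("vV").split(",")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiWeb version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(text: str) -> str:
    """Return 'patched', 'needs-update' or 'unknown-branch' for one version string."""
    major, minor, patch = parse_version(text)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        # The article lists no fixed build for this branch, so no verdict is given.
        return "unknown-branch"
    # Assumption: any build at or above the fixed release in the same branch contains the fix.
    return "patched" if (major, minor, patch) >= fixed else "needs-update"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in an inventory to its assessment; the inventory is supplied by the caller."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {
        "fortiweb-a.example": "7.4.7",
        "fortiweb-b.example": "v7.6.4",
        "fortiweb-c.example": "7.0.10,build0000",
        "fortiweb-d.example": "8.0.1",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```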
On July 11, watchTowr Labs published technical information on the bug, explaining that it resides in a function that fails to properly sanitize user input.
After dissecting the issue, the ...
Copyright of this story solely belongs to securityweek.