Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)

WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection allowing unauthenticated remote code execution. Patch your FortiWeb 7.0, 7.2, 7.4, 7.6 devices immediately to prevent full system compromise. Update NOW!

Cybersecurity researchers have uncovered a major weakness, CVE-2025-25257, in a key part of Fortinet’s security software: the FortiWeb Fabric Connector, vital for linking Fortinet’s web application firewall (FortiWeb) with other security tools, enabling dynamic protections.

The vulnerability was initially reported to Fortinet by Kentaro Kawane from GMO Cybersecurity by Ierae. The subsequent demonstration of escalating the vulnerability to full system control was performed and published by watchTowr Labs, and the findings were shared exclusively with Hackread.com.

What Happened?

This is an “unauthenticated SQL injection in GUI” flaw, which means attackers can exploit a weakness in the system’s administrative interface without needing a username or password, tricking the FortiWeb system into running their ...