Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)

July 11, 2025, United States

Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.

The vulnerability affects the following FortiWeb versions:

  • FortiWeb 7.6.0 to 7.6.3 (Upgrade to 7.6.4 or higher)
  • FortiWeb 7.4.0 to 7.4.7 (Upgrade to 7.4.8 or higher)
  • FortiWeb 7.2.0 to 7.2.10 (Upgrade to 7.2.11 or higher)
  • FortiWeb 7.0.0 to 7.0.10 (Upgrade to 7.0.11 or higher)

Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb

On July 11, 2025, Fortinet announced the release of urgent patches for a significant security vulnerability in FortiWeb, a web application firewall. This flaw, designated CVE-2025-25257, poses a serious risk, allowing unauthorized attackers the potential to execute arbitrary SQL commands on affected systems. Scoring a critical 9.6 on the CVSS scale, this vulnerability could have widespread implications for businesses relying on FortiWeb for their web security.

The security advisory issued by Fortinet details that this security weakness arises from improper handling of special elements within SQL commands, a form of attack commonly referred to as SQL Injection (CWE-89). By exploiting crafted HTTP or HTTPS requests, an attacker could gain the ability to manipulate database interactions in a manner that bypasses authentication, effectively compromising the integrity of organizational data.

Impacted versions of FortiWeb include 7.6.0 to 7.6.3, requiring upgrades to 7.6.4 or later; versions 7.4.0 to 7.4.7 need to be updated to 7.4.8 or above; for those using 7.2.0 to 7.2.10, a transition to 7.2.11 or higher is necessary; and systems running versions 7.0.0 to 7.0.10 must upgrade to at least 7.0.11. Organizations still utilizing these vulnerable versions are strongly urged to implement the necessary updates to mitigate potential exploitation risks.

The primary targets of this vulnerability are likely organizations utilizing FortiWeb, which spans various sectors, including finance, healthcare, and e-commerce. Since Fortinet is based in the United States, the majority of the affected installations can be found domestically. However, due to the global reach of Fortinet’s user base, international entities could also be at risk if using outdated software.

From a cybersecurity perspective, this incident can be contextualized using the MITRE ATT&CK framework, notably within the tactics associated with initial access and exploitation of vulnerabilities. The ability of an attacker to execute unauthorized SQL commands suggests a clear pathway for initial access, leveraging SQL Injection techniques to manipulate databases without proper authentication. Furthermore, the potential for privilege escalation exists if attackers gain access to sensitive data or administrative functions during the exploitation.

The implications of this vulnerability extend beyond immediate data security concerns. Organizations must recognize the importance of timely patch management and the proactive measures necessary to safeguard their digital assets. As cyber threats continue to evolve, maintaining robust security practices and vigilant monitoring becomes increasingly critical for business continuity in a landscape rife with vulnerabilities.

As a response to this critical advisory, business owners are advised to take immediate action by reviewing their FortiWeb implementations and ensuring all updates are applied without delay. Cybersecurity is an ever-present challenge, and staying a step ahead is essential for protecting both organizational interests and customer trust.

Source link

Related Posts

Severe Sudo Vulnerabilities Allow Local Users to Escalate to Root Access on Major Linux Distributions

July 4, 2025
By Cybersecurity Insights

Cybersecurity researchers have identified two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems, enabling local attackers to elevate their privileges to root on affected machines. Here’s a summary of the vulnerabilities:

  • CVE-2025-32462 (CVSS Score: 2.8): In versions prior to 1.9.17p1, Sudo, when configured with a sudoers file specifying a host that is neither the current host nor ALL, permits listed users to execute commands on unintended machines.

  • CVE-2025-32463 (CVSS Score: 9.3): In Sudo versions before 1.9.17p1, local users can gain root access as a result of the /etc/nsswitch.conf file being utilized from a user-controlled directory in conjunction with the –chroot option.

Sudo is a command-line tool designed to allow low-privileged users to execute commands as another user, typically the superuser, thereby implementing the principle of least privilege for administrative tasks.

Warning: Exposed JDWP Interfaces are Being Exploited for Crypto Mining; Hpingbot Targets SSH for DDoS

Date: July 5, 2025
Category: Vulnerability / Botnet

Cybercriminals are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to gain code execution access and deploy cryptocurrency miners on compromised systems. According to Wiz researchers Yaara Shriki and Gili Tikochinski, “The attacker utilized a modified version of XMRig with a hard-coded configuration, allowing them to evade detection from suspicious command-line arguments that security measures often flag.” They added that the mining payload employed proxies to obscure the cryptocurrency wallet address, complicating investigations. The cloud security firm, recently acquired by Google Cloud, reported observing this activity on its honeypot servers running TeamCity, a well-known continuous integration and delivery (CI/CD) tool. JDWP, a debugging communication protocol for Java, enables users to manage Java applications in separate processes.

CISA Adds Four High-Risk Vulnerabilities to KEV Catalog Amid Ongoing Exploitation

July 8, 2025
Cyber Attacks / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included four critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The identified vulnerabilities are as follows:

  • CVE-2014-3931 (CVSS score: 9.8): A buffer overflow flaw in Multi-Router Looking Glass (MRLG) allowing remote attackers to perform arbitrary memory writes and cause memory corruption.
  • CVE-2016-10033 (CVSS score: 9.8): A command injection vulnerability in PHPMailer enabling attackers to execute arbitrary code within the application or trigger a denial-of-service (DoS) condition.
  • CVE-2019-5418 (CVSS score: 7.5): A path traversal vulnerability in Ruby on Rails’ Action View that may expose the contents of arbitrary files on the target system’s filesystem.
  • CVE-2019-9621 (CVSS score: 7.5): A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could…

Microsoft Addresses 130 Vulnerabilities, Including Critical Issues in SPNEGO and SQL Server

July 9, 2025
Endpoint Security / Vulnerability

In its first Patch Tuesday update of 2025, Microsoft has rolled out fixes for 130 vulnerabilities, marking a shift as no exploited security flaws were included in this batch. Notably, one flaw addressed had already been publicly disclosed. The update also tackles 10 additional non-Microsoft CVEs impacting Visual Studio, AMD, and the Chromium-based Edge browser. Among the patched vulnerabilities, 10 are classified as Critical, while the remainder are deemed Important. “This marks the end of an 11-month streak of fixing at least one zero-day exploitation,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. The vulnerabilities include 53 related to privilege escalation, 42 for remote code execution, 17 for information disclosure, and 8 for security feature bypasses. Furthermore, the update builds on two other flaws previously fixed in the Edge browser since the last month’s Patch Tuesday.