Fortinet FortiWeb Fabric Connector Flaw Enables Remote Code Execution

Post by Shane1145 »

Security researchers have identified a severe pre-authentication SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, designated as CVE-2025-25257, that allows unauthenticated attackers to execute unauthorized SQL commands and potentially achieve remote code execution.

The vulnerability affects multiple versions of FortiWeb, including 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10, with patches available in newer versions.

https://gbhackers.com/fortinet-fortiweb ... ctor-flaw/