Fortinet FortiWeb Fabric Connector Flaw Enables Remote Code Execution
Posted: Sun Jul 13, 2025 1:58 pm
Security researchers have identified a severe pre-authentication SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, designated as CVE-2025-25257, that allows unauthenticated attackers to execute unauthorized SQL commands and potentially achieve remote code execution.
The vulnerability affects multiple versions of FortiWeb, including 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10, with patches available in newer versions.
https://gbhackers.com/fortinet-fortiweb ... ctor-flaw/