Ethical Hacking News
Fortinet has released patches to address a critical security vulnerability impacting its FortiWeb product, CVE-2025-25257. The vulnerability allows an unauthenticated attacker to execute arbitrary database commands on susceptible instances. Users are recommended to upgrade to the latest version of FortiWeb or apply the patch to mitigate potential risks.
Patches released for critical SQL injection vulnerability in Fortinet's FortiWeb product. Vulnerability (CVE-2025-25257) allows unauthenticated attackers to execute arbitrary database commands. Patch addresses the "get_fabric_user_by_token" function in the Fabric Connector component. Patch is available for FortiWeb versions 7.6.0 through 7.6.3, and 7.4.0 through 7.4.7, and 7.2.0 through 7.2.10. Users are recommended to upgrade to the latest version or apply the patch to mitigate potential risks.
Fortinet, a leading provider of cybersecurity solutions, has released patches to address a critical security vulnerability impacting its FortiWeb product. The vulnerability, tracked as CVE-2025-25257, is classified as a moderate-severity SQL injection flaw that could allow an unauthenticated attacker to execute arbitrary database commands on susceptible instances.
The patch addresses a function called "get_fabric_user_by_token" in the Fabric Connector component of FortiWeb. This function is associated with the Fabric Connector, which acts as a bridge between FortiWeb and other Fortinet products. The vulnerability arises from the fact that attacker-controlled input passed via a Bearer token Authorization header in a specially crafted HTTP request is passed directly to an SQL database query without adequate sanitization.
This can lead to a situation where the query is executed as the "mysql" user, allowing an attacker to write the results of command execution to a file in the underlying operating system. The vulnerability is considered critical due to its potential impact on the security posture of Fortinet's customers.
According to Fortinet, the patch is available for FortiWeb versions 7.6.0 through 7.6.3, as well as versions 7.4.0 through 7.4.7 and 7.2.0 through 7.2.10. Users are recommended to upgrade to the latest version of FortiWeb or apply the patch to mitigate potential risks.
In an analysis published by watchTowr Labs, it was noted that the problem is rooted in the Fabric Connector component of FortiWeb. The function "get_fabric_user_by_token" is invoked from another function named "fabric_access_check," which is called from three different API endpoints: "/api/fabric/device/status", "/api/v[0-9]/fabric/widget/[a-z]+," and "/api/v[0-9]/fabric/widget." The issue arises from the fact that attacker-controlled input passed via a Bearer token Authorization header in a specially crafted HTTP request is passed directly to an SQL database query without adequate sanitization.
Security researcher Sina Kheirkhah noted that "The new version of the function replaces the previous format-string query with prepared statements – a reasonable attempt to prevent straightforward SQL injection." However, this does not entirely eliminate the risk of SQL injection attacks.
In recent times, threats actors have exploited vulnerabilities in Fortinet devices. Therefore, it is essential for users to move quickly to update their systems to the latest version and apply patches to mitigate potential risks.
In conclusion, the patch released by Fortinet addresses a critical security vulnerability impacting its FortiWeb product. The vulnerability arises from inadequate sanitization of input passed via a Bearer token Authorization header in a specially crafted HTTP request. Users are recommended to upgrade to the latest version of FortiWeb or apply the patch to mitigate potential risks.
Related Information:
https://www.ethicalhackingnews.com/articles/Fortinet-Releases-Patch-for-Critical-SQL-Injection-Flaw-in-FortiWeb-A-Detailed-Analysis-ehn.shtml
https://thehackernews.com/2025/07/fortinet-releases-patch-for-critical.html
Published: Fri Jul 11 10:45:38 2025 by llama3.2 3B Q4_K_M
