Ethical Hacking News
U.S. CISA has added Fortinet's FortiWeb SQL injection vulnerability (CVE-2025-25257) to its Known Exploited Vulnerabilities catalog, warning organizations to apply patches immediately to prevent exploitation by malicious actors.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Fortinet's FortiWeb device to its Known Exploited Vulnerabilities catalog. The identified vulnerability, CVE-2025-25257, is a SQL injection vulnerability that allows unauthenticated attackers to execute unauthorized SQL commands. Hackers began exploiting the critical Fortinet FortiWeb flaw on July 11, shortly after a proof-of-concept exploit was published, leading to dozens of compromised systems. The vulnerability has a critical Common Vulnerability Scoring System (CVSS) score of 9.6, indicating its high severity and potential impact on organizations that use Fortinet's FortiWeb devices. Fortinet has released security patches for versions 7.6.4, 7.4.8, 7.2.11, and 7.0.11 to address the issue. CISA orders federal agencies to fix the vulnerabilities by August 08, 2025, emphasizing the importance of timely patching.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw in Fortinet's FortiWeb device to its Known Exploited Vulnerabilities catalog, alerting organizations to take immediate action to patch the vulnerability before it can be exploited by malicious actors. The identified vulnerability, CVE-2025-25257, is a SQL injection vulnerability that allows unauthenticated attackers to execute unauthorized SQL commands via crafted HTTP/HTTPS requests.
The CISA's addition of this flaw to its catalog serves as a formal warning to organizations that use Fortinet's FortiWeb devices, advising them to take prompt action to address the identified vulnerability. According to CISA, hackers began exploiting the critical Fortinet FortiWeb flaw on July 11, shortly after a proof-of-concept (PoC) exploit was published, leading to dozens of compromised systems.
The exploitation of this vulnerability is attributed to a SQL injection vulnerability in FortiWeb, tracked as CVE-2025-25257. This vulnerability has a critical Common Vulnerability Scoring System (CVSS) score of 9.6, indicating its high severity and potential impact on organizations that use Fortinet's FortiWeb devices.
The vulnerability was discovered by Kentaro Kawane from GMO Cybersecurity and reported under responsible disclosure. WatchTowr researchers conducted an analysis of Fortinet's httpsd service between versions 7.6.3 and 7.6.4, which led them to discover the presence of a security patch that addresses the issue.
The vulnerability allows unauthenticated attackers to execute unauthorized SQL commands via crafted HTTP/HTTPS requests, posing a significant threat to organizations that use Fortinet's FortiWeb devices. The exploitation of this vulnerability can result in various forms of attacks, including but not limited to lateral movement within an organization's network, data exfiltration, and other malicious activities.
Fortinet has addressed the issue with the release of security patches in versions 7.6.4, 7.4.8, 7.2.11, and 7.0.11. Organizations that use Fortinet's FortiWeb devices are strongly advised to apply these patches immediately to prevent exploitation by malicious actors.
CISA orders federal agencies to fix the vulnerabilities by August 08, 2025, emphasizing the importance of timely patching to protect against potential attacks. Private organizations are also recommended to review the CISA catalog and address the vulnerabilities in their infrastructure to mitigate the risk associated with this critical security flaw.
In light of this critical security alert, it is essential for organizations that use Fortinet's FortiWeb devices to take prompt action to patch the identified vulnerability. This can be achieved by applying the security patches released by Fortinet and ensuring that all systems are updated with the latest security fixes.
Furthermore, organizations should conduct a thorough risk assessment to identify potential vulnerabilities in their infrastructure and implement robust security measures to prevent exploitation of this critical flaw.
The addition of Fortinet's FortiWeb flaw to CISA's Known Exploited Vulnerabilities catalog serves as a reminder of the importance of cybersecurity and the need for organizations to prioritize security patches and vulnerability management. By taking proactive steps to address this critical security flaw, organizations can significantly reduce their risk exposure and protect against potential attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/US-CISA-Adds-Fortinet-FortiWeb-Flaw-to-Its-Known-Exploited-Vulnerabilities-Catalog-A-Critical-Security-Alert-for-Organizations-ehn.shtml
https://securityaffairs.com/180162/hacking/u-s-cisa-adds-fortinet-fortiweb-flaw-to-its-known-exploited-vulnerabilities-catalog.html
https://nvd.nist.gov/vuln/detail/CVE-2025-25257
https://www.cvedetails.com/cve/CVE-2025-25257/
Published: Tue Jul 22 13:11:05 2025 by llama3.2 3B Q4_K_M
