【Vulnerability Alert】Significant Security Vulnerability in Fortinet's FortiWeb (CVE-2025-25257)

Date Posted: 2025/07/11

Subject: 【Vulnerability Alert】Significant Security Vulnerability in Fortinet's FortiWeb (CVE-2025-25257)

Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000005
- Fortinet's FortiWeb is a web application firewall product that provides functions including anomaly detection, API protection, bot mitigation, and advanced threat analysis. Recently, Fortinet issued a significant security vulnerability announcement (CVE-2025-25257, CVSS: 9.6). This vulnerability may allow unauthenticated attackers to execute unauthorized SQL code or commands through specially crafted HTTP or HTTPS requests.
Affected Platforms:
- FortiWeb versions 7.0.0 to 7.0.10
- FortiWeb versions 7.2.0 to 7.2.10
- FortiWeb versions 7.4.0 to 7.4.7
- FortiWeb versions 7.6.0 to 7.6.3
Suggested Measures:
- Please update to FortiWeb 7.0.11, FortiWeb 7.2.11, FortiWeb 7.4.8, FortiWeb 7.6.4
References:
- https://www.twcert.org.tw/tw/cp-169-10235-c60c2-1.html

Computer and Communications Center
Network Systems Division Respectfully