【Vulnerability Alert】Significant Security Vulnerability in Fortinet's FortiWeb (CVE-2025-25257)

• Subject: 【Vulnerability Alert】Significant Security Vulnerability in Fortinet's FortiWeb (CVE-2025-25257)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000005
  • Fortinet's FortiWeb is a web application firewall product that provides functions including anomaly detection, API protection, bot mitigation, and advanced threat analysis. Recently, Fortinet issued a significant security vulnerability announcement (CVE-2025-25257, CVSS: 9.6). This vulnerability may allow unauthenticated attackers to execute unauthorized SQL code or commands through specially crafted HTTP or HTTPS requests.
• Affected Platforms:
  • FortiWeb versions 7.0.0 to 7.0.10
  • FortiWeb versions 7.2.0 to 7.2.10
  • FortiWeb versions 7.4.0 to 7.4.7
  • FortiWeb versions 7.6.0 to 7.6.3
• Suggested Measures:
  • Please update to FortiWeb 7.0.11, FortiWeb 7.2.11, FortiWeb 7.4.8, FortiWeb 7.6.4
• References:
  • https://www.twcert.org.tw/tw/cp-169-10235-c60c2-1.html

Computer and Communications Center
Network Systems Division Respectfully