Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication

Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication

Posted on By CWS

Hackers began concentrating on a just lately patched critical-severity vulnerability in Fortinet FortiWeb on the identical day that proof-of-concept (PoC) exploit code was shared publicly.

Tracked as CVE-2025-25257 (CVSS rating of 9.6), the flaw is described as an SQL injection challenge that permits unauthenticated attackers to run unauthorized SQL code or instructions by way of crafted HTTP or HTTPS requests.  

Fortinet launched fixes for the safety defect on July 8, crediting Kentaro Kawane from GMO Cybersecurity by Ierae for reporting it.

FortiWeb variations 7.6.4, 7.4.8, 7.2.11, and seven.0.11 include the mandatory patches and customers are suggested to replace as quickly as attainable, or to disable the HTTP/HTTPS administrative interface if patching is just not attainable.

On July 11, watchTowr Labs printed technical data on the bug, explaining that it resides in a perform that fails to correctly sanitize consumer enter.

After dissecting the difficulty, the researchers demonstrated that it may very well be exploited to write down a python (.pth) file into the server’s site-packages listing, which led to distant code execution (RCE).

Whereas Fortinet made no point out of the bug being exploited within the wild on July 8, the primary exploitation makes an attempt have been noticed on July 11, instantly after watchTowr’s weblog submit and PoC exploit.

The Shadowserver Basis on Thursday noticed 35 FortiWeb situations on which webshells had been planted, apparently via the exploitation of CVE-2025-25257. The quantity has dropped from 85 compromised deployments seen on July 14.Commercial. Scroll to proceed studying.

In accordance with Censys, there are over 20,000 internet-accessible FortiWeb home equipment, albeit a lot of them don’t look like instantly uncovered. It’s unclear what number of of those are susceptible, as Censys couldn’t infer their model data.

Given the continued exploitation of the vulnerability and the place FortiWeb has within the community – it’s used to connect with and handle units within the Fortinet ecosystem – customers are suggested to replace their deployments urgently.

Associated: Fortinet, Ivanti Patch Excessive-Severity Vulnerabilities

Associated: Fortinet Patches Zero-Day Exploited In opposition to FortiVoice Home equipment

Associated: Risk Actor Allegedly Promoting Fortinet Firewall Zero-Day Exploit

Associated: Fortinet Patches Crucial FortiSwitch Vulnerability

Security Week News Tags:, , , , , ,

Related Posts

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment Security Week News
Ransomware Attack Targets Advantest’s Network Ransomware Attack Targets Advantest’s Network Security Week News
Google Paid Out 8,000 at Live Hacking Event Google Paid Out $458,000 at Live Hacking Event Security Week News
The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures Security Week News
ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories Security Week News
Critical Drupal Vulnerability Faces Exploitation Critical Drupal Vulnerability Faces Exploitation Security Week News