Hackers began concentrating on a just lately patched critical-severity vulnerability in Fortinet FortiWeb on the identical day that proof-of-concept (PoC) exploit code was shared publicly.
Tracked as CVE-2025-25257 (CVSS rating of 9.6), the flaw is described as an SQL injection challenge that permits unauthenticated attackers to run unauthorized SQL code or instructions by way of crafted HTTP or HTTPS requests.
Fortinet launched fixes for the safety defect on July 8, crediting Kentaro Kawane from GMO Cybersecurity by Ierae for reporting it.
FortiWeb variations 7.6.4, 7.4.8, 7.2.11, and seven.0.11 include the mandatory patches and customers are suggested to replace as quickly as attainable, or to disable the HTTP/HTTPS administrative interface if patching is just not attainable.
On July 11, watchTowr Labs printed technical data on the bug, explaining that it resides in a perform that fails to correctly sanitize consumer enter.
After dissecting the difficulty, the researchers demonstrated that it may very well be exploited to write down a python (.pth) file into the server’s site-packages listing, which led to distant code execution (RCE).
Whereas Fortinet made no point out of the bug being exploited within the wild on July 8, the primary exploitation makes an attempt have been noticed on July 11, instantly after watchTowr’s weblog submit and PoC exploit.
The Shadowserver Basis on Thursday noticed 35 FortiWeb situations on which webshells had been planted, apparently via the exploitation of CVE-2025-25257. The quantity has dropped from 85 compromised deployments seen on July 14.Commercial. Scroll to proceed studying.
In accordance with Censys, there are over 20,000 internet-accessible FortiWeb home equipment, albeit a lot of them don’t look like instantly uncovered. It’s unclear what number of of those are susceptible, as Censys couldn’t infer their model data.
Given the continued exploitation of the vulnerability and the place FortiWeb has within the community – it’s used to connect with and handle units within the Fortinet ecosystem – customers are suggested to replace their deployments urgently.
Associated: Fortinet, Ivanti Patch Excessive-Severity Vulnerabilities
Associated: Fortinet Patches Zero-Day Exploited In opposition to FortiVoice Home equipment
Associated: Risk Actor Allegedly Promoting Fortinet Firewall Zero-Day Exploit
Associated: Fortinet Patches Crucial FortiSwitch Vulnerability
