CVE-2025-25257 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through…
Critical KEV CVSS: 9.8

CVE-2025-25257

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Vendor
Fortinet
Product
Fortiweb
CWE
CWE-89
Yayın Tarihi
2025-07-17 16:15:34
Güncelleme
2026-02-20 16:49:01
Source Identifier
psirt@fortinet.com
KEV Date Added
2025-07-18

Kategoriler

CWE-89 Fortiweb CRITICAL Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-25-151 https://packetstorm.news/files/id/210193/ https://www.exploit-db.com/exploits/52473 https://github.com/0xbigshaq/CVE-2025-25257 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25257