← Zuruck zu CVEs

CVE-2025-25257

CRITICALCISA KEV

9.8

Beschreibung

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht7/17/2025

Zuletzt geandert2/20/2026

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerFortinet

ProduktFortiWeb

SchwachstellennameFortinet FortiWeb SQL Injection Vulnerability

KEV Aufnahmedatum2025-07-18

Behebungsfrist2025-08-08

Ransomware-NutzungUnknown

Betroffene Produkte

fortinet:fortiweb

Schwachen (CWE)

CWE-89CWE-89

Referenzen

https://fortiguard.fortinet.com/psirt/FG-IR-25-151(psirt@fortinet.com)

https://packetstorm.news/files/id/210193/(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/52473(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/0xbigshaq/CVE-2025-25257(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25257(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.