2025-07-11 Journal
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
- Source: vulnerability.circl.lu
- Time: 13:39:36
- Summary: Ref: https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/ Welcome back to yet another day in this parallel universe of security. This time, we’re looking at Fortinet’s FortiWeb Fabric Connector. “What is that?” we hear you say. That’s a great question; no one knows. For the uninitiated, or unjaded; > Fortinet’s FortiWeb Fabric Connector is…
FortiWeb - Unauthenticated SQL injection in GUI
- Source: vulnerability.circl.lu
- Time: 08:03:41
- Summary: PSIRT FortiGuard Labs: Unauthenticated SQL injection in GUI. Summary: An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. Version: FortiWeb 7.6; Affected: 7.6.0 through 7.6.3; Solution: Upgrade to 7.6.4 or…