VYPR
Unrated severity · CISA KEV · NVD Advisory · Published Jul 17, 2025 · Updated Feb 26, 2026

CVE-2025-25257

Description

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, and FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

Affected products

2
  • Fortinet/Fortiweb · v5 · 2 versions
    • cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* range: 7.6.0
    • (no CPE) range: 7.0.0-7.0.10, 7.2.0-7.2.10, 7.4.0-7.4.7, 7.6.0-7.6.3
