Unrated severity · CISA KEV · NVD Advisory · Published Jul 17, 2025 · Updated Feb 26, 2026
CVE-2025-25257
Description
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, and FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
News mentions
- Risky Business #799 -- Everyone's Sharepoint gets shelled · Risky Business · Jul 23, 2025