Unrated severityCISA KEVNVD Advisory· Published Jul 17, 2025· Updated Feb 26, 2026

CVE-2025-25257

Description

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Affected products

Fortinet/Fortiwebv5
cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*
Range: 7.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-151mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000