THREATOPS
THREAT OPSCVEs › CVE-2025-25257

CVE-2025-25257 — Fortinet FortiWeb SQL Injection Vulnerability

CISA KEVExploited: confirmedFortinet

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Vulnerability details