THREAT OPS › CVEs › CVE-2025-25257
CVE-2025-25257 — Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Vulnerability details
- Affected productsFortiWeb
- KEV remediation due2025-08-08