<ul data-eligibleForWebStory="false"><li>PoC exploits for CVE-2025-25257 in Fortinet FortiWeb enable pre-auth RCE, urging users to patch.</li><li>The flaw is a SQL injection vulnerability (CWE-89) allowing unauthorized SQL commands via HTTP/HTTPS requests.</li><li>Fortinet released security patches in versions 7.6.4, 7.4.8, 7.2.11, and 7.0.11 to address the issue.</li><li>Administrators are advised to patch immediately due to the availability of public exploits, with potential future active exploitation.</li></ul>

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

Discover more