Fortinet: >> Fortiweb >> 7.6.3 Security Vulnerabilities
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Known exploited
CVSS Score
9.8
EPSS Score
0.221
Published
2025-07-17
Page 3