On July 8, 2025, Fortinet released for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via crafted HTTP or HTTPS requests, tracked as CVE-2025-25257. The flaw lies in the Graphical User Interface (GUI) component and stems from improper neutralization of special elements used in SQL statements. The vulnerability was discovered by a security researcher and responsibly disclosed to Fortinet.?
While Arctic Wolf has not observed any exploitation of this vulnerability or identified a publicly available proof-of-concept (PoC) exploit, Fortinet products have historically been frequent targets for threat actors. For example, in late 2024, Arctic Wolf observed the exploitation of a zero-day vulnerability (CVE-2024-55591) that targeted publicly exposed management interfaces on Fortinet FortiGate firewalls.?
Recommendation?
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.?
| Product? | Affected Version? | Fixed Version? |
| FortiWeb 7.6? | 7.6.0 through 7.6.3? | 7.6.4 or above? |
| FortiWeb 7.4? | 7.4.0 through 7.4.7? | 7.4.8 or above? |
| FortiWeb 7.2? | 7.2.0 through 7.2.10? | 7.2.11 or above? |
| FortiWeb 7.0? | 7.0.0 through 7.0.10? | 7.0.11 or above? |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.?
Workaround?
For users unable to immediately upgrade to a fixed version, Fortinet recommends disabling the HTTP/HTTPS administrative interface.?
References?
Learn more about the?Arctic Wolf Cyber Resilience Assessment.
Take a deep dive into NIST CSF 2.0 with?our webinar, NIST CSF 2.0: A Blueprint for Operationalizing Risk Management Within Your Security Program.
