CVE-2025-25257 | Fortinet FortiWeb up to 7.0.10/7.2.10/7.4.7/7.6.3 HTTP Request sql injection (FG-IR-25-151)

Inserito da Angelo Barbosa | Lug 17, 2025 | CVE

A vulnerability was found in Fortinet FortiWeb up to 7.0.10/7.2.10/7.4.7/7.6.3. It has been classified as critical. Affected is an unknown function of the component HTTP Request Handler. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2025-25257. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-25257 | Fortinet FortiWeb up to 7.0.10/7.2.10/7.4.7/7.6.3 HTTP Request sql injection (FG-IR-25-151)

Post correlati

CVE-2024-7862 | Blog Introduction Plugin up to 0.3.0 on WordPress Setting cross-site request forgery

CVE-2024-12260 | Ultimate Endpoints with Rest Api Plugin up to 2.2.2 on WordPress cross site scripting

CVE-2024-44825 | InVesalius 3.1.99995 inv3 File path traversal

CVE-2023-52252 | Unified Remote 3.13.0 Lua access control (EDB-51309)