CVE-2025-25257

CISA KEV: Actively Exploited

Fortinet FortiWeb SQL Injection Vulnerability

Published Jul 18, 2025 · Updated Jul 18, 2025

Description

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

Public Exploits & PoCs (14 found)

PoC: CVE-2025-25257

FortiWeb CVE-2025-25257 exploit

11

PoC: CVE-2025-25257

Public PoC for CVE-2025-25257: FortiWeb pre-auth SQLi to RCE

1

PoC: CVE-2025-25257

CVE-2025-25257

PoC: Fortinet-FortiWeb-Fabric-Connector-CVE-2025-25257-Detection

This repository provides production-ready detection engineering content for **CVE-2025-25257**, a pre-authentication SQL Injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. Successful exploitation can lead to Remote Code Execution without any prior authentication.

PoC: CVE-2025-25257

CVE-2025-25257 PoC for educational use and/or authorised pentesting.

PoC: CVE-2025-25257

🛠️ Exploit CVE-2025-25257 in FortiWeb with a working full exploit and a proof of concept for file read/write.

PoC: CVE-2025-25257

A working (at least for me :] ) exploit for CVE-2025-25257

PoC: CVE-2025-25257

CVE‑2025‑25257 is a critical pre-authentication SQL injection vulnerability affecting Fortinet FortiWeb’s

PoC: CVE-2025-25257

PoC for CVE-2025-25257, a critical unauthenticated SQL injection in FortiWeb. Exploits SQLi via the Authorization header to write a webshell and gain RCE. No login required. Fully automated.

PoC: CVE-2025-25257

Explore the CVE-2025-25257 exploit for FortiWeb. This repo includes a full exploit and a proof of concept for file read/write. 🐱💻🔒

PoC: Blackash-CVE-2025-25257

CVE-2025-25257

PoC: CVE-2025-25257-Exploit-Tool

Tool for detecting and exploiting CVE-2025-25257 in Fortinet FortiWeb.

PoC: CVE-2025-25257

Exploiting the CVE-2025-25257 vulnerability in FortiWeb. This repository demonstrates secure pre-authenticated SQL injection.

PoC: CVE-2025-25257

Unauthenticated SQL Injection in FortiWeb
