Critical Fortinet Flaw Exposes Web Firewalls to Remote Code Attacks
Help Net Security
|
Contributed by: Drex DeFord
Summary
A critical SQL command injection vulnerability, CVE-2025-25257, has been identified in Fortinet’s FortiWeb web application firewall, specifically impacting the Fabric Connector. The flaw allows unauthenticated attackers to execute remote code with root privileges by exploiting improperly sanitized SQL commands within HTTP or HTTPS requests. The risk is heightened by the disclosure of proof-of-concept exploits, which could lead to widespread attacks if not addressed promptly. Healthcare professionals using this technology need to prioritize applying the issued patch and enhancing security protocols to mitigate the potential for data breaches and system compromises.
