The cybersecurity vendor confirmed Friday that the flaw has been ‘exploited in the wild on FortiWeb.’
Fortinet confirmed Friday that a critical-severity vulnerability affecting its web application firewall, FortiWeb, has seen exploitation in cyberattacks.
The cybersecurity vendor disclosed the details in an update Friday to a previously released advisory about the FortiWeb vulnerability (tracked at CVE-2025-25257).
[Related: 5 Things To Know On The Fortinet FortiManager Attacks]
“Fortinet has observed this to be exploited in the wild on FortiWeb,” the vendor said in the advisory update.
CRN has reached out to Fortinet for further comment.
The vendor had released patches for the SQL injection flaw on July 8. This week, however, researchers at threat tracker Shadowserver said it was “likely” that dozens of unpatched FortiWeb instances had been compromised through exploits of the vulnerability, going back as far as July 11.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also confirmed Friday that the critical FortiWeb vulnerability has been exploited in attacks.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA wrote in its advisory.
While the order only applies to Federal Civilian Executive Branch agencies, CISA “strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [such] vulnerabilities as part of their vulnerability management practice,” the agency said.
The vulnerability has received a rating of “critical,” with a severity score of 9.6 out of 10.0. The vulnerability was added to CISA’s catalog of vulnerabilities known to have seen exploitation Friday.
In its advisory, Fortinet said the vulnerability can be exploited by an unauthorized actor to execute code or commands on an affected system. The flaw “may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests,” the vendor said.
