Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Fortinet: ’Critical’ FortiWeb Vulnerability Exploited In Attacks

CRN by CRN
July 18, 2025
Home News
Share on FacebookShare on Twitter


The cybersecurity vendor confirmed Friday that the flaw has been ‘exploited in the wild on FortiWeb.’

Fortinet confirmed Friday that a critical-severity vulnerability affecting its web application firewall, FortiWeb, has seen exploitation in cyberattacks.

The cybersecurity vendor disclosed the details in an update Friday to a previously released advisory about the FortiWeb vulnerability (tracked at CVE-2025-25257).

[Related: 5 Things To Know On The Fortinet FortiManager Attacks]

“Fortinet has observed this to be exploited in the wild on FortiWeb,” the vendor said in the advisory update.

CRN has reached out to Fortinet for further comment.

The vendor had released patches for the SQL injection flaw on July 8. This week, however, researchers at threat tracker Shadowserver said it was “likely” that dozens of unpatched FortiWeb instances had been compromised through exploits of the vulnerability, going back as far as July 11.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also confirmed Friday that the critical FortiWeb vulnerability has been exploited in attacks.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA wrote in its advisory.

While the order only applies to Federal Civilian Executive Branch agencies, CISA “strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [such] vulnerabilities as part of their vulnerability management practice,” the agency said.

The vulnerability has received a rating of “critical,” with a severity score of 9.6 out of 10.0. The vulnerability was added to CISA’s catalog of vulnerabilities known to have seen exploitation Friday.

In its advisory, Fortinet said the vulnerability can be exploited by an unauthorized actor to execute code or commands on an affected system. The flaw “may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests,” the vendor said.



Source link

Tags: CyberattacksCybersecuritynetwork securityVulnerabilities
CRN

CRN

Next Post
Radiate Holdco, LLC Releases First Quarter 2025 Financial Results

Radiate Holdco, LLC Releases First Quarter 2025 Financial Results

Recommended.

Scala Data Centers, Lightera, and Nokia conduct the first AccuCore HCF™ (Hollow Core Fiber) test in Latin America

Scala Data Centers, Lightera, and Nokia conduct the first AccuCore HCF™ (Hollow Core Fiber) test in Latin America

November 7, 2025
The Future of Cybersecurity Includes Non-Human Employees

The Future of Cybersecurity Includes Non-Human Employees

January 7, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio