Aperçu
Fortinet FortiWeb contains a critical SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through crafted HTTP/HTTPS requests. The vulnerability affects multiple versions across the 7.x and earlier releases, posing a severe risk to web application firewall deployments that are exposed to untrusted networks. La vulnérabilité a été divulguée le July 17, 2025. CISA a identifié CVE-2025-25257 comme étant exploitée mais n'est pas actuellement connue pour être utilisée dans des campagnes de rançongiciel.
Détails techniques
Fortinet FortiWeb versions 7.6.0-7.6.3, 7.4.0-7.4.7, 7.2.0-7.2.10, and all versions below 7.0.10 are vulnerable to SQL injection attacks. The vulnerability stems from improper neutralization of special elements in SQL commands within the web application. An attacker can craft malicious HTTP or HTTPS requests containing SQL injection payloads that bypass input validation and are directly executed by the backend database. Since authentication is not required to exploit this vulnerability, any attacker with network access to the FortiWeb instance can execute unauthorized SQL commands.
La vulnérabilité est classifiée comme CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) etCWE-20 (Improper Input Validation) .
La vulnérabilité a reçu un score de base CVSS v3.1 de 9.8 (CRITICAL) avec la chaîne vectorielle CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indiquant sa nature critical.
Impact
An unauthenticated attacker can exploit this SQL injection vulnerability to: (1) Extract sensitive data from the FortiWeb database including configuration, credentials, logs, and policy information; (2) Modify or delete database records, potentially compromising the integrity of security policies and configurations; (3) Execute system commands with database privileges, potentially leading to remote code execution; (4) Cause denial of service by executing resource-intensive queries or corrupting critical database structures. As FortiWeb is a critical web application firewall, compromise of this component could allow attackers to bypass security controls and gain unauthorized access to protected web applications.
Mitigation et contournements
1. Backup current FortiWeb configuration and database 2. Download the latest patched version from Fortinet Support Portal (requires valid support contract) 3. For FortiWeb 7.6.x: Upgrade to 7.6.4 or later 4. For FortiWeb 7.4.x: Upgrade to 7.4.8 or later 5. For FortiWeb 7.2.x: Upgrade to 7.2.11 or later 6. For FortiWeb below 7.0.10: Upgrade to 7.0.10 or later 7. Follow Fortinet's upgrade procedure for your deployment model (standalone, high availability, or cloud) 8. Verify patch installation and test functionality in staging environment first 9. Monitor logs for any suspicious activity post-patch Les versions suivantes incluent les correctifs nécessaires : FortiWeb 7.6.4 and later, FortiWeb 7.4.8 and later, FortiWeb 7.2.11 and later, FortiWeb 7.0.10 and later.
Comme contournements temporaires : implement network-level access controls to restrict access to fortiweb management and application interfaces to trusted ip addresses only. use firewall rules to limit http/https traffic to known legitimate sources.; disable unnecessary fortiweb features and endpoints that are not required for your deployment. review and minimize exposed interfaces.; monitor fortiweb logs and database access patterns for unusual sql queries, authentication failures, or suspicious command patterns. set up alerts for anomalous activity., et if possible, isolate fortiweb from production networks and place it in a dmz with limited lateral movement capabilities..
Recommandation de CISA : Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ressources additionnelles
Source : Ce rapport a été généré par IA
