An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
The FortiWeb application improperly neutralizes special characters in input data passed to SQL queries. An attacker can send a crafted HTTP or HTTPS request containing a malicious SQL payload without needing any credentials. The vulnerability allows injection and execution of unauthorized SQL commands directly in the device's database layer.
An unauthenticated attacker can gain full access to data stored in the database, modify or delete configuration data, and potentially take control of the device — which in the case of a WAF device means compromising the entire protected network infrastructure.
FortiWeb must be immediately updated to a version containing the patch according to the vendor's advisory (FG-IR-25-151) available at https://fortiguard.fortinet.com/psirt/FG-IR-25-151. Until the update is applied, consider restricting access to the device's management interface to trusted IP addresses only.
Fortinet FortiWeb in versions: 7.6.0–7.6.3, 7.4.0–7.4.7, 7.2.0–7.2.10, 7.0.0–7.0.10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortiweb
APPFortinet7.0.0 – 7.0.11 (bez)7.2.0 – 7.2.11 (bez)7.4.0 – 7.4.8 (bez)7.6.0 – 7.6.4 (bez)
CISA KEV — detailsi
- Vendori
- Fortinet ↗
- Producti
- FortiWeb
- Added to KEVi
- July 18, 2025
- Remediation deadline (US Federal)i
- August 8, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Related vulnerabilities
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Path Traversal w Fortinet FortiWeb umożliwiający zdalne wykonanie poleceń
Fortinet FortiWeb — pominięcie uwierzytelnienia SSO przez spreparowany SAML
Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 al...