Fortinet releases fixes to address two critical vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Tracked as CVE-2025-59718 and CVE-2025-59719, both vulnerabilities have a CVSS score of 9.1. Successful exploitation of the vulnerabilities could lead to improper access control.
Tag: FortiWeb
Fortinet FortiWeb Zero-day Vulnerability Exploited in the Wild (CVE-2025-64446)
Threat actors are exploiting a zero-day vulnerability, CVE-2025-64446, that has been discovered in Fortinet’s FortiWeb web application firewall product. Successful exploitation of this new vulnerability allows an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. FortiGuard mentioned in the advisory that they are aware of the active exploitation … Continue reading “Fortinet FortiWeb Zero-day Vulnerability Exploited in the Wild (CVE-2025-64446)”
Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)
Kentaro Kawane from GMO Cybersecurity discovered a vulnerability of critical severity impacting FortiWeb. Tracked as CVE-2025-25257, the vulnerability has a CVSS score of 9.6. Upon successful exploitation of the vulnerability, an unauthenticated attacker can execute unauthorized SQL code via crafted HTTP or HTTPS requests. FortiWeb is a web application firewall (WAF) designed to protect web … Continue reading “Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)”