
CVE-2025-25257: Critical Unauthenticated SQL Injection Vulnerability in FortiWeb

Fortinet released fixes for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via crafted HTTP or HTTPS requests, tracked as CVE-2025-25257.

On July 8, 2025, Fortinet released fixes for a critical vulnerability in FortiWeb, tracked as CVE-2025-25257, that could allow an unauthenticated threat actor to execute SQL commands via crafted HTTP or HTTPS requests. The flaw lies in the Graphical User Interface (GUI) component and stems from improper neutralization of special elements used in SQL statements (CWE-89): input taken from the request reaches a SQL query without being treated strictly as data. The vulnerability was discovered by a security researcher and responsibly disclosed to Fortinet.
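To make the class of flaw concrete, the following is an added illustration and is not FortiWeb code or anything derived from Fortinet's implementation. It assumes a made-up user table, a made-up `Authorization: Bearer <token>` header as the request value that reaches SQL, and the helper names shown; the point is the contrast between a query built by string formatting and the same query with a bound parameter, driven by a constructed HTTP header map.

```python
"""Illustrative CWE-89 (SQL injection): string-built query vs. bound parameter.

Added example, not FortiWeb code. The schema, the 'Authorization: Bearer'
header and all function names are assumptions made up for this demo.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an appliance's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_token TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, api_token) VALUES (?, ?)",
        [("admin", "s3cr3t-admin-token"), ("auditor", "r3ad-only-token")],
    )
    return conn


def token_from_request(headers: dict) -> str:
    """Pull the bearer token out of a (constructed) HTTP header map."""
    value = headers.get("Authorization", "")
    prefix = "Bearer "
    return value[len(prefix):] if value.startswith(prefix) else ""


def lookup_user_vulnerable(conn: sqlite3.Connection, headers: dict):
    """Vulnerable: the request value is spliced into the SQL text, so a quote
    character inside it ends the literal and the rest is parsed as SQL."""
    token = token_from_request(headers)
    sql = f"SELECT name FROM users WHERE api_token = '{token}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_user_safe(conn: sqlite3.Connection, headers: dict):
    """Hardened: the value is bound as a parameter and is only ever compared
    as data, whatever characters it contains."""
    token = token_from_request(headers)
    row = conn.execute(
        "SELECT name FROM users WHERE api_token = ?", (token,)
    ).fetchone()
    return row[0] if row else None


# Constructed requests. The first carries no valid token, only a tautology
# that makes the WHERE clause true for every row; the second uses UNION to
# read a column the query was never meant to return.
VALID_HEADERS = {"Authorization": "Bearer r3ad-only-token"}
BYPASS_HEADERS = {"Authorization": "Bearer ' OR '1'='1"}
EXFIL_HEADERS = {
    "Authorization": "Bearer ' UNION SELECT api_token FROM users WHERE name='admin' --"
}

if __name__ == "__main__":
    conn = make_db()
    # Vulnerable path: the tautology authenticates as the first row (admin),
    # and the UNION payload returns the admin's token as if it were a name.
    print(lookup_user_vulnerable(conn, BYPASS_HEADERS))
    print(lookup_user_vulnerable(conn, EXFIL_HEADERS))
    # Hardened path: both payloads are just strings that match no token.
    print(lookup_user_safe(conn, BYPASS_HEADERS))
    print(lookup_user_safe(conn, EXFIL_HEADERS))
    print(lookup_user_safe(conn, VALID_HEADERS))
```

The vulnerable function never checks who the caller is: with the tautology payload it returns the first user in the table, and with the UNION payload it returns another user's secret through a column the query was supposed to expose only as a display name. The parameterized form needs no input filtering to be safe, because the driver never lets the bound value be parsed as SQL.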

While Arctic Wolf has not observed any exploitation of this vulnerability or identified a publicly available proof-of-concept (PoC) exploit, Fortinet products have historically been frequent targets for threat actors. For example, in late 2024, Arctic Wolf observed the exploitation of a zero-day vulnerability (CVE-2024-55591) that targeted publicly exposed management interfaces on Fortinet FortiGate firewalls. 

Recommendation 

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version. 

Product       Affected Versions      Fixed Version
FortiWeb 7.6  7.6.0 through 7.6.3    7.6.4 or above
FortiWeb 7.4  7.4.0 through 7.4.7    7.4.8 or above
FortiWeb 7.2  7.2.0 through 7.2.10   7.2.11 or above
FortiWeb 7.0  7.0.0 through 7.0.10   7.0.11 or above

Please follow your organization’s patching and testing guidelines to minimize potential operational impact. 

Workaround 

For users unable to upgrade to a fixed version immediately, Fortinet recommends disabling the HTTP/HTTPS administrative interface as a temporary mitigation. This removes the vulnerable GUI from the network path but does not correct the underlying flaw, so the upgrade should still be scheduled.
