Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in FortiWeb
Alerts

Critical Vulnerability in FortiWeb

10 July 2025

Fortinet has released security updates to address a critical vulnerability affecting their FortiWeb products.

Background

Fortinet has released security updates to address a critical vulnerability (CVE-2025-25257) affecting their FortiWeb products.

Impact

Successful exploitation of the structured query language (SQL) command vulnerability could allow an unauthenticated attacker to execute unauthorised SQL code or commands via crafted HTTP or HTTPs requests.

Affected Products

The vulnerability affects the following products:

  • FortiWeb versions 7.6.0 through 7.6.3

  • FortiWeb versions 7.4.0 through 7.4.7

  • FortiWeb versions 7.2.0 through 7.2.10

  • FortiWeb versions 7.0.0 through 7.0.10 

Mitigation

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

If immediate patching is not possible or feasible, administrators are advised to disable the HTTP/HTTPS administrative interface as a workaround.

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-151

https://securityonline.info/fortinet-fixes-critical-sql-injection-flaw-in-fortiweb-cve-2025-25257-cvss-9-6

Back to top