CVE-2025-25257
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. Vendor/Product: Fortinet FortiWeb. Added to CISA KEV 2025-07-18; required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.