Malicious actors could exploit a critical unauthorized SQL injection in GUI vulnerability in Fortinet FortiWeb Fabric Connector, tracked as CVE-2025-25257, to facilitate remote code execution and complete system compromise, Hackread reports.
Such a flaw which was initially reported by GMO Cybersecurity by Ierae's Kentaro Kawane could be escalated into an RCE by leveraging MySQL's INTO OUTFILE statement to enable direct file writing into the system's directory, according to a report from watchTowr Labs. Despite challenges in achieving direct execution, utilizing a /cgi-bin folder-based Python script forced Python code execution for total system compromise. Aside from infiltrating the targeted FortiWeb device, threat actors could also impact other connected systems, which could enable data exfiltration, service interruptions, and subsequent attacks, said watchTowr Labs researchers. Organizations using vulnerable Fortinet FortiWeb instances have been recommended to promptly implement the updated versions, while those that cannot do so were urged to deactivate the HTTP/HTTPS administrative interface for the time being.
Such a flaw which was initially reported by GMO Cybersecurity by Ierae's Kentaro Kawane could be escalated into an RCE by leveraging MySQL's INTO OUTFILE statement to enable direct file writing into the system's directory, according to a report from watchTowr Labs. Despite challenges in achieving direct execution, utilizing a /cgi-bin folder-based Python script forced Python code execution for total system compromise. Aside from infiltrating the targeted FortiWeb device, threat actors could also impact other connected systems, which could enable data exfiltration, service interruptions, and subsequent attacks, said watchTowr Labs researchers. Organizations using vulnerable Fortinet FortiWeb instances have been recommended to promptly implement the updated versions, while those that cannot do so were urged to deactivate the HTTP/HTTPS administrative interface for the time being.
