Multiple Fortinet FortiWeb instances have been compromised using exploits for the recently patched CVE-2025-25257 RCE flaw, leading to webshell infections. This activity highlights the importance of timely patching and securing web application firewalls against SQL injection vulnerabilities. #Fortinet #CVE202525257
Keypoints
- Cybercriminals exploited a critical SQL injection vulnerability in FortiWeb to gain remote code execution.
- Fortinet released patches on July 8, 2025, urging users to update their devices promptly.
- Public exploits for CVE-2025-25257 were released on July 11, increasing the risk of widespread attacks.
- Active exploitation has been confirmed, with most compromised endpoints located in the United States.
- Administrators are advised to disable vulnerable interfaces or upgrade to patched versions immediately.