Known Exploited Vulnerabilities CVE-2025-25257

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes

CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | exploitation_technique | T1055 | Process Injection
Comments
Affected versions of FortiWeb do not sufficiently sanitize input, so an attacker can use the SQL injection to write a malicious .pth file into FortiWeb's Python site-packages directory. Python's site module processes every .pth file in a site directory when an interpreter starts and executes any line that begins with "import" as Python code, so the attacker's payload is loaded into, and runs inside, the next FortiWeb Python process that starts, with that process's privileges.
References

CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application
Comments
The injection is reachable by an unauthenticated client over HTTP or HTTPS, so the initial foothold is gained by attacking the exposed FortiWeb application directly; no credentials or prior access are required.
References

CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation
Comments
Code placed in the dropped .pth file runs with the privileges of the FortiWeb Python process that loads it rather than those of the unauthenticated remote client, turning a database-level input-sanitization flaw into code execution on the appliance.
References

CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | primary_impact | T1059.004 | Unix Shell
Comments
Once the .pth file executes, the attacker's Python code can invoke a Unix shell on the appliance (for example through os.system or subprocess), giving arbitrary command execution as the FortiWeb Python process.
References

CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | secondary_impact | T1485 | Data Destruction
Comments
Because the attacker controls the injected SQL, the same flaw can be used to modify or delete records in FortiWeb's backing database, so loss of data held in that database is a possible secondary impact.
References
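The mechanism the comments rely on (a .pth file in a site directory executing Python code at interpreter start-up) and a check for it, as an added example that is not part of this mapping, of FortiWeb, or of any Fortinet code: the first function demonstrates the execution against a throwaway temporary directory using a harmless marker-file payload, and the second scans a site directory for .pth files carrying executable "import" lines that reference shell, process or network primitives. The file names, sample lines and the suspicious-pattern list are constructed for the demo; the scanner only reads files and never executes what it finds.

```python
"""Demonstrate .pth start-up execution and scan a site directory for abuse."""
import os
import re
import site
import subprocess
import sys
import tempfile

# Heuristic only: substrings that have no business in a legitimate .pth line.
# Constructed list for this example; tune it for the environment being checked.
SUSPICIOUS = re.compile(r"os\.system|subprocess|popen|exec\(|eval\(|base64|socket|/bin/sh")


def executable_pth_lines(path):
    """Return (lineno, line) for every line Python's site module would exec().

    site.addpackage() treats a line starting with 'import ' or 'import\\t' as
    code and exec()s it; comments, blank lines and anything else are treated
    as path entries and never executed.
    """
    found = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\n")
            if line.startswith("import ") or line.startswith("import\t"):
                found.append((lineno, line))
    return found


def scan_site_dir(sitedir):
    """Return [(filename, lineno, line)] for executable .pth lines matching SUSPICIOUS.

    Nothing in the directory is executed; the files are only read.
    """
    findings = []
    for name in sorted(os.listdir(sitedir)):
        if not name.endswith(".pth"):
            continue
        for lineno, line in executable_pth_lines(os.path.join(sitedir, name)):
            if SUSPICIOUS.search(line):
                findings.append((name, lineno, line))
    return findings


def demo_pth_execution():
    """Show that a .pth dropped into a site directory runs code at start-up.

    The payload is constructed and harmless: it only creates a marker file.
    A fresh interpreter is told to treat the temp dir as a site directory,
    which is exactly what happens to the real site-packages at start-up.
    """
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "pth_ran.txt")
        with open(os.path.join(tmp, "zz_demo.pth"), "w") as fh:
            fh.write("import os; open(%r, 'w').write('executed')\n" % marker)
        subprocess.run(
            [sys.executable, "-c", "import site; site.addsitedir(%r)" % tmp],
            check=True,
        )
        return os.path.exists(marker)


def demo_scan():
    """Build a constructed site directory and return what scan_site_dir flags."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            # Ordinary path entry: never executed, never flagged.
            "app-paths.pth": "/opt/app/lib\n",
            # Benign executable line of the kind packaging tools install.
            "tooling.pth": "import os; os.environ.setdefault('DEMO_TOOLING', '1')\n",
            # Constructed backdoor line: what a dropped .pth would look like.
            "zz_backdoor.pth": "import os; os.system('/bin/sh -c \"id > /tmp/out\"')\n",
            # Comment and blank lines are skipped by the site module.
            "notes.pth": "# import os; os.system('not run')\n\n",
        }
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(body)
        return [(name, lineno) for name, lineno, _ in scan_site_dir(tmp)]


if __name__ == "__main__":
    print("pth executed at start-up:", demo_pth_execution())
    print("suspicious .pth lines in constructed dir:", demo_scan())
    # Run the same check over the live interpreter's own site directories.
    for d in site.getsitepackages():
        if os.path.isdir(d):
            print(d, scan_site_dir(d))
```

Run the block directly to see both halves; point scan_site_dir at an appliance's site-packages to audit it. Expect some legitimate executable .pth lines from packaging tools, so treat a hit as a review item rather than a verdict, and compare file modification times and ownership against the package install records.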