漏洞描述
Fortinet FortiWeb 是一款网络应用防火墙产品,用于保护 Web 应用程序免受各种攻击。该漏洞存在于 FortiWeb 的 /api/fabric/device/status 接口中,攻击者可以通过构造恶意的 SQL 查询注入 Authorization 头部,从而绕过身份验证并执行任意 SQL 查询,可能导致敏感数据泄露或系统被完全控制。
Fortinet FortiWeb /api/fabric/device/status SQL 注入漏洞(CVE-2025-25257)
PoC代码
暂无相关漏洞推荐
- Fortinet FortiOS等 签名验证不当漏洞
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446/CVE-2025-58034)
- Fortinet FortiWeb 需授权 命令注入漏洞
- POC CVE-2025-64446: FortiWeb - Authentication Bypass
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446)
- POC Fortinet FortiWeb 未授权身份验证绕过漏洞(CVE-2025-64446)
- POC CVE-2022-42475: Fortinet SSL-VPN - Heap-Based Buffer Overflow
- POC CVE-2015-1880: Fortinet FortiOS <=5.2.3 - Cross-Site Scripting
- POC CVE-2016-3978: Fortinet FortiOS - Open Redirect/Cross-Site Scripting
- POC CVE-2017-3132: Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
- POC CVE-2017-3133: Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
- POC CVE-2018-13379: Fortinet FortiOS - Credentials Disclosure
- POC CVE-2018-13380: Fortinet FortiOS - Cross-Site Scripting