(TLP:CLEAR) PoC Exploits for Pre-Auth Fortinet FortiWeb RCE Vulnerability Released (CVE-2025-25257)

Summary: Proof-of-Concept (PoC) exploits have been released for a vulnerability in Fortinet FortiWeb that WaterISAC drew awareness to in last week’s SRU. The high-severity vulnerability could allow a remote attacker to exploit vulnerable FortiWeb web application firewalls (WAFs) to achieve pre-authenticated remote code execution (CVE-2025-25257).

Analyst Note: WaterISAC is sharing this information to draw additional awareness to this high-severity vulnerability. Since PoC exploits have been publicly disclosed, risks of exploitation rise due to additional malicious actors’ likelihood of replicating the exploit, especially in high-severity vulnerabilities that are relatively easy to implement such as this one. Members are encouraged to patch systems immediately and refer to Fortinet’s advisory for applicable update information and mitigations.

Original Source: https://www.bleepingcomputer.com/news/security/exploits-for-pre-auth-fortinet-fortiweb-rce-flaw-released-patch-now/

Additional Reading:

• (TLP:AMBER) Salt Typhoon Targets US, Australian, Canadian, and UK Cisco and Fortinet Edge Devices

Mitigation Recommendations:

• Fortinet | Unauthenticated SQL injection in GUI (CVE-2025-25257)

Related WaterISAC PIRs: 6, 8, 12