Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs

13 Jul 2025

CybersecurityVulnerabilitiesSQL InjectionRemote Code Execution

The post discusses a pre-authentication SQL Injection vulnerability in the Fortinet FortiWeb Fabric Connector, identified by CVE-2025-25257. This flaw allows for Remote Code Execution (RCE). The technical details and implications of this vulnerability are explored by watchTowr Labs.

Read the original article on reddit.com

Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs | Cyber Hub