Fortinet has issued patches for a significant security vulnerability affecting FortiWeb that might allow an unauthenticated intruder to execute arbitrary database commands on vulnerable systems.
Labeled as CVE-2025-25257, the flaw has been assigned a CVSS rating of 9.6 on a scale of 10.0.
“An inadequate neutralization of special characters utilized in an SQL command (‘SQL Injection’) vulnerability [CWE-89] in