https://securityaffairs.com/179874/security/patch-immediately-cve-2025-25257-poc-enables-remote-code-execution-on-fortinet-fortiweb.html
#securityaffairs #hacking
Hey! And welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257, an SQLi that I spotted back in February.

in case someone burns them before I get my bragging rights
8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a
8fc4ca6426ae50c7673326eacb6644a8b361ad1051138d04cbd9da8b807a0973
— faulty *ptrrr (@0x_shaq) February 9, 2025

This is a pre-auth SQLi bug that can be leveraged into an RCE in FortiWeb.
#BSI WID-SEC-2025-0341: [NEW] [medium] #Fortinet #FortiWeb: Multiple vulnerabilities allow command execution
A remote, authenticated attacker can exploit multiple vulnerabilities in Fortinet FortiWeb to execute arbitrary operating system commands.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0341
#BSI WID-SEC-2024-3441: [NEW] [low] #Fortinet #FortiWeb: Vulnerability allows information disclosure
A local attacker can exploit a vulnerability in Fortinet FortiWeb to disclose information.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3441
#BSI WID-SEC-2024-1571: [NEW] [medium] #Fortinet #FortiWeb: Multiple vulnerabilities allow information disclosure
A remote, anonymous attacker can exploit multiple vulnerabilities in Fortinet FortiWeb to disclose information.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1571
In this Cloud Field Day article presented by Fortinet, Chris Hildebrandt discusses the FortiWeb Cloud WAF-as-a-Service to empower security. In a world where digital threats are omnipresent, FortiWeb™ Cloud WAF as a Service emerges as a customer-first solution that not only fortifies web applications and APIs, but also simplifies the security management process. With its cloud advantage, advanced features, and commitment to customer security, FortiWeb™ Cloud WAF is a formidable guardian in the realm of cybersecurity.
Cybersecurity vendor Fortinet has released security updates to address two critical vulnerabilities in its FortiNAC and FortiWeb products. The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of file name or path in Fortinet FortiNAC and a collection […]