
FortiWeb Pre-Auth RCE (CVE-2025-25257)
Hey! And welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257, an SQLi that I spotted back in February.

"In case someone burns them before I get my bragging rights:
8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a
8fc4ca6426ae50c7673326eacb6644a8b361ad1051138d04cbd9da8b807a0973"
— faulty *ptrrr (@0x_shaq), February 9, 2025

This is a pre-auth SQLi bug that can be leveraged into an RCE in FortiWeb.