CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks

Threat Level

65% Cybersecurity News 11 hours ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of the SQL injection flaw in cyberattacks worldwide. The vulnerability, tracked as CVE-2025-25257, affects Fortinet’s FortiWeb web application firewall and carries a severe CVSS score of 9.6 out of 10. […]...

Continue Reading on Original Site

Recommended Articles

Popular npm linter packages hijacked via phishing to drop malware

BleepingComputer 2 hours ago

Popular npm linter packages hijacked via phishing to drop malware Ax Sharma July 19, 2025 08:51 AM 0 Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply ...

Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days

The Register Security 6 hours ago

Cyber-crime Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days Keep It Simple, Stupid InterviewScattered Spider and Iranian government-backed cyber u...

China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

Wired 4 hours ago

After reporting lastweek that the “raw” Jeffrey Epstein prison video posted by the FBIwas likely modified in at least some ways(though there is no evidence that the footage was deceptively manipulated...

New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers

Cybersecurity News 4 hours ago

A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST....

Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware

Cybersecurity News 3 hours ago

A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this ongoing ...

Threat Intelligence

Attack Types 1

SQL Injection

Vulnerabilities 1

SQL Injection

Business Intelligence

Companies 1

Fortinet

Security Vendors 1

Fortinet

Agencies 2

CISA Cybersecurity and Infrastructure Security Agency

Technical Indicators

CVEs 1

CVE-2025-25257

Information

Article ID: #3862
Published: 11 hours ago
Source: Cybersecurity News

Recommended Articles

Popular npm linter packages hijacked via phishing to drop malware

Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days

China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers

Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware

Save to Folder

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies