ATTACK [PTsecurity] Fortinet FortiWeb Server SQLi RCE attempt (CVE-2025-25257)

SID: 10014261Rev: 136 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Fortinet FortiWeb Server SQLi RCE attempt (CVE-2025-25257)"; http.uri; content:"api/fabric/device/status"; nocase; http.header; content:"Authorization:"; content:"Bearer"; distance:0; pcre:"/[^\r\n]+(\'|\*)/R"; threshold:type limit, track by_src, count 1, seconds 60; reference:cve, 2025-25257; reference:url, labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10014261; rev:1;)

References

cve2025-25257
urllabs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!