Fortinet has published a security advisory highlighting vulnerabilities in the following products on July 8th and updated it on July 18th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated.
- FortiAnalyzer – multiple versions
- FortiAnalyzer Cloud – multiple versions
- FortiIsolator – multiple versions
- FortiManager – multiple versions
- FortiManager Cloud – multiple versions
- FortiOS 7.6 – versions 7.6.0 to 7.6.1
- FortiOS 7.4 – versions 7.4.0 to 7.4.7
- FortiOS 7.2 – versions 7.2.0 to 7.2.11
- FortiOS 7.0 – versions 7.0.1 to 7.0.16
- FortiProxy 7.6 – versions 7.6.0 to 7.6.1
- FortiProxy 7.4 – versions 7.4.0 to 7.4.8
- FortiProxy 7.2 – versions 7.2.0 to 7.2.13
- FortiProxy 7.0 – versions 7.0.0 to 7.0.20
- FortiSandbox – multiple versions
- FortiVoice 6.4 – versions 6.4.0 to 6.4.10
- FortiVoice 7.0 – versions 7.0.0 to 7.0.6
- FortiVoice 7.2 – versions 7.2.0
- FortiWeb – multiple versions
Update 1
CVE-2025-25257: Unauthenticated SQL injection in GUI affecting:
- FortiWeb 7.6 – versions 7.6.0 to 7.6.3
- FortiWeb 7.4 – versions 7.4.0 to 7.4.7
- FortiWeb 7.2 – versions 7.2.0 to 7.2.10
- FortiWeb 7.0 – versions 7.0.0 to 7.0.10
Update 2
On July 18, 2025, CISA added CVE-2025-25257 to their Known Exploited Vulnerabilities (KEV) Catalog while Fortinet updated their advisory to indicate that this vulnerability had been exploited.
For more information on this update, you can follow these URLs:
The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.
PDF Download: Fortinet Security Advisory
References