Fortinet security advisory (AV25-406) – Update 2

**Serial number:** AV25-406

**Date:** July 8, 2025

**Updated:** July 18, 2025

On July 8, 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

* FortiAnalyzer — multiple versions
* FortiAnalyzer Cloud — multiple versions
* FortiIsolator — multiple versions
* FortiManager — multiple versions
* FortiManager Cloud — multiple versions
* FortiOS 7.6 — versions 7.6.0 to 7.6.1
* FortiOS 7.4 — versions 7.4.0 to 7.4.7
* FortiOS 7.2 — versions 7.2.0 to 7.2.11
* FortiOS 7.0 — versions 7.0.1 to 7.0.16
* FortiProxy 7.6 — versions 7.6.0 to 7.6.1
* FortiProxy 7.4 — versions 7.4.0 to 7.4.8
* FortiProxy 7.2 — versions 7.2.0 to 7.2.13
* FortiProxy 7.0 — versions 7.0.0 to 7.0.20
* FortiSandbox — multiple versions
* FortiVoice 6.4 — versions 6.4.0 to 6.4.10
* FortiVoice 7.0 — versions 7.0.0 to 7.0.6
* FortiVoice 7.2 — versions 7.2.0
* FortiWeb — multiple versions

Update 2
--------

On July 18, 2025, CISA added CVE-2025-25257 to their Known Exploited Vulnerabilities (KEV) Catalog.

On July 18, 2025, Fortinet updated their advisory to indicate that this vulnerability has been exploited.

* [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/news-events/alerts/2025/07/18/cisa-adds-one-known-exploited-vulnerability-catalog)
* [Fortinet PSIRT Advisories](https://www.fortiguard.com/psirt/FG-IR-25-151)

Update 1
--------

CVE-2025-25257: Unauthenticated SQL injection in GUI affecting:

* FortiWeb 7.6 — versions 7.6.0 to 7.6.3
* FortiWeb 7.4 — versions 7.4.0 to 7.4.7
* FortiWeb 7.2 — versions 7.2.0 to 7.2.10
* FortiWeb 7.0 — versions 7.0.0 to 7.0.10
* [Fortinet PSIRT — FG-IR-25-151](https://www.fortiguard.com/psirt/FG-IR-25-151)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

* [Fortinet PSIRT Advisories](https://www.fortiguard.com/psirt?filter=1&version=&severity=5&severity=4&severity=3&severity=2)

Blog: Government of Canada Alerts and Advisories
