Cyber Posture

CVE-2022-29059

Low

Published: 14 March 2025

Published
14 March 2025
Modified
24 July 2025
KEV Added
Patch
CVSS Score 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
EPSS Score 0.0011 28.6th percentile
Risk Priority 5 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-29059 is a low-severity SQL Injection (CWE-89) vulnerability in Fortinet Fortiweb. Its CVSS base score is 2.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses SQL injection by requiring validation and sanitization of string parameters to neutralize special elements before they reach SQL commands.

SI-2 Flaw Remediation good match
prevent

Ensures timely remediation of the specific SQL injection flaw through identification, testing, and deployment of vendor patches for affected FortiWeb versions.

AU-9 Protection of Audit Information partial match
prevent

Protects the log database containing audit information from unauthorized modification by privileged attackers exploiting SQL injection.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
attack.mitre.org →
Why these techniques?

SQL injection in public-facing FortiWeb web app directly maps to T1190; arbitrary SQL on log DB enables stored data manipulation (T1565.001) via integrity impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over…

more

the log database via specifically crafted strings parameters.

Deeper analysisAI

CVE-2022-29059 is an SQL injection vulnerability (CWE-89) stemming from improper neutralization of special elements in SQL commands. It affects FortiWeb versions 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, and 6.2.7 and below, specifically targeting the log database through crafted string parameters.

A privileged attacker with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables execution of arbitrary SQL commands on the log database, resulting in low integrity impact (CVSSv3.1 score of 2.7: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

The FortiGuard advisory FG-IR-22-140 provides details on this issue, including recommended mitigations and patches for affected FortiWeb versions.

Details

CWE(s)
CWE-89

Affected Products

fortinet
fortiweb
6.2.3 — 6.2.7 · 6.3.0 — 6.3.18 · 6.4.0 — 6.4.2

CVEs Like This One

CVE-2025-25257Same product: Fortinet Fortiweb
CVE-2025-52970Same product: Fortinet Fortiweb
CVE-2025-64447Same product: Fortinet Fortiweb
CVE-2025-59719Same product: Fortinet Fortiweb
CVE-2024-55594Same product: Fortinet Fortiweb
CVE-2023-42784Same product: Fortinet Fortiweb
CVE-2024-55597Same product: Fortinet Fortiweb
CVE-2025-58034Same product: Fortinet Fortiweb
CVE-2026-40688Same product: Fortinet Fortiweb
CVE-2026-24017Same product: Fortinet Fortiweb

References