Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-52970

CWE-233 CWE-103810 documents10 sources

Severity

8.1HIGH

EPSS

26.4%

top 3.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Fortinet Fortiweb

Timeline

PublishedAug 12

Latest updateSep 25

Description

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortiweb7.0.0 — 7.0.11+3

▶CVEListV5fortinet/fortiweb7.6.0 — 7.6.3+3

🔴Vulnerability Details

CVEList

CVE-2025-52970: A improper handling of parameters in Fortinet FortiWeb versions 7↗2025-08-12

▶

GHSA

GHSA-jc24-hjq6-4g6f: A improper handling of parameters in Fortinet FortiWeb versions 7↗2025-08-12

▶

VulnCheck

Fortinet FortiWeb Improper Handling of Parameters↗2025

▶

💥Exploits & PoCs

Nuclei

Fortinet FortiWeb - Authentication Bypass to Admin Privilege

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Fortinet FortiWeb Out of Bounds Access via HTTP Cookie (CVE-2025-52970)↗2025-09-25

▶

📋Vendor Advisories

Fortinet

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2...↗2025-08-12

▶

Microsoft

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.↗2025-03-11

▶

🕵️Threat Intelligence

Bleepingcomputer

Researcher to release exploit for full auth bypass on FortiWeb↗2025-08-16

▶

📄Research Papers

CTF

coldboots / README↗2025

▶