CVE-2025-52970

HIGH

Published 2025-08-12T18:59:25.817Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-52970. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.7

/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

Base Score Metrics

Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Available Exploits

No exploits available for this CVE.

Related News

Fortinet FortiWeb Security Restriction Bypass Vulnerability

A vulnerability has been identified in Fortinet FortiWeb. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Note: Proof of Concept exploit code Is publicly available for CVE-2025-52970. The …

Hkcert.org 2025-08-18 01:00

Affected Products

Fortinet

FortiWeb

Affected Versions:

7.6.0 7.4.0 7.2.0 7.0.0

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Affected Products (ENISA)

fortinet

fortiweb

ENISA Scoring

CVSS Score (3.1)

7.7

/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

EPSS Score

0.320

probability

ENISA References

https://fortiguard.fortinet.com/psirt/FG-IR-25-448

Data provided by ENISA EU Vulnerability Database. Last updated: August 18, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-jc24-hjq6-4g6f

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-52970

WEB https://fortiguard.fortinet.com/psirt/FG-IR-25-448

WEB https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970

Advisory provided by GitHub Security Advisory Database. Published: August 12, 2025, Modified: August 14, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

6 posts

Reddit • 3 days, 22 hours ago

crstux

Exploit

🔥 Top 10 Trending CVEs (19/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-42057](https://nvd.nist.gov/vuln/detail/CVE-2024-42057)** - 📝 A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, …

Also mentions: CVE-2025-8876 CVE-2025-8875 CVE-2025-53770 CVE-2025-25257 CVE-2025-29824 CVE-2024-37085 CVE-2024-21096 CVE-2024-42057 CVE-2023-20269

2.0

View Original High Risk

Reddit • 4 days, 22 hours ago

crstux

Exploit

🔥 Top 10 Trending CVEs (18/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-8091](https://nvd.nist.gov/vuln/detail/CVE-2025-8091)** - 📝 The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to …

Also mentions: CVE-2025-8091 CVE-2025-25256 CVE-2025-8088 CVE-2025-21479 CVE-2025-31324 CVE-2025-30712 CVE-2025-26633 CVE-2024-29847 CVE-2024-39884 CVE-2024-40725

2.0

View Original High Risk

Reddit • 1 week ago

crstux

Exploit

🔥 Top 10 Trending CVEs (15/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-50167](https://nvd.nist.gov/vuln/detail/CVE-2025-50167)** - 📝 Windows Hyper-V Elevation of Privilege Vulnerability - 📅 **Published:** 12/08/2025 - 📈 **CVSS:** 7 - 🧭 **Vector:** CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 2 - ⚠️ **Priority:** 2 - 📝 …

Also mentions: CVE-2025-20265 CVE-2025-25256 CVE-2025-50167 CVE-2025-50154 CVE-2025-53773 CVE-2025-8088 CVE-2025-8356 CVE-2025-8355

1.0

View Original High Risk

Reddit • 1 week, 1 day ago

crstux

Exploit

🔥 Top 10 Trending CVEs (14/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53773](https://nvd.nist.gov/vuln/detail/CVE-2025-53773)** - 📝 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability - 📅 **Published:** 12/08/2025 - 📈 **CVSS:** 7.8 - 🧭 **Vector:** CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 10 - ⚠️ **Priority:** …

Also mentions: CVE-2025-50154 CVE-2025-53773 CVE-2025-8088 CVE-2025-8356 CVE-2025-8355 CVE-2025-6558 CVE-2025-6543 CVE-2025-32433 CVE-2024-53141

1.0

View Original High Risk

Reddit • 1 week, 2 days ago

digicat

FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)

4.0

View Original

Reddit • 1 week, 3 days ago

pwntheplanet

FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)

20.0

View Original

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-448

Published: 2025-08-12T18:59:25.817Z

Last Modified: 2025-08-14T18:28:51.328Z

Copied to clipboard!

CVE-2025-52970

Expert Analysis

CVSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

FortiWeb

Affected Versions:

EU Vulnerability Database

EU Coordination

Exploitation Status

EUVD ID

ENISA Analysis

Affected Products (ENISA)

ENISA Scoring

CVSS Score (3.1)

EPSS Score

ENISA References

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

Social Media Intelligence

References

Request Analysis

What to expect

Request Received!