Vulnerability Monitor

CVE-2025-52970


An improper handling of parameters vulnerability in Fortinet FortiWeb versions 7.6.3 and below, 7.4.7 and below, 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker who holds non-public information about the device and the targeted user to gain admin privileges on the device via a specially crafted request.


Published

2025-08-12T19:15:32.277

Last Modified

2025-08-15T12:26:38.300

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-233

Affected Vendors & Products
Type         Vendor    Product   Version/Range  Vulnerable?
Application  fortinet  fortiweb  < 7.0.11       Yes
Application  fortinet  fortiweb  < 7.2.11       Yes
Application  fortinet  fortiweb  < 7.4.8        Yes
Application  fortinet  fortiweb  < 7.6.4        Yes

References