Vulnerability in Fortinet Fortiweb
CVE-2025-52970
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining…
EPSS: 0.228 (96.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C.
Affected products
- Fortinet Fortiweb — versions 7.6.0, 7.4.0, 7.2.0
Weakness classification (CWE)
Public proof-of-concept exploits
- Hex00-0x4/FortiWeb-CVE-2025-52970-Authentication-Bypass
- 34zY/CVE-2025-52970
- PuddinCat/GithubRepoSpider
- defronixpro/Defronix-Cybersecurity-Roadmap
- fkie-cad/nvd-json-data-feeds
- ARPSyndicate/cve-scores
- nomi-sec/PoC-in-GitHub
- thexnumb/thexwriteup
- imbas007/POC-CVE-2025-52970
- IamAlch3mist/Awesome-Embedded-Systems-Vulnerability-Research
References
Frequently asked questions
- What is CVE-2025-52970?
- CVE-2025-52970 is a high-severity vulnerability in Fortinet Fortiweb, classified under CWE-233. CVSS score: 7.7/10. Published 2025-08-12.
- How severe is CVE-2025-52970?
- High severity. CVSS v3 base score is 7.7 out of 10.
- Is CVE-2025-52970 known to be exploited?
- 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.