CVE-2025-52970
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 23, 2025
- Published Date
- August 12, 2025
- Last Updated
- January 14, 2026
- Vendor
- Fortinet
- Product
- FortiWeb
- Description
- A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
- Tags
- Exploitation
- poc
- Technical Impact
- total
- Exploited in the Wild
- Yes (2025-08-18 14:08:46 UTC) Source
nuclei_scanner
CVSS Scores
CVSS v3.1
7.7 - HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
SSVC Information
Exploit Status
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-08-18 14:08:46 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-52970.yaml | 2026-06-01 15:34:42 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nuclei