CVE-2025-52970

HIGH EXPLOITED NUCLEI

Fortinet FortiWeb <7.6.3 - Privilege Escalation

Title source: llm

Description

An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Exploits (3)

nomisec WORKING POC 9 stars
by Hex00-0x4 · poc
https://github.com/Hex00-0x4/FortiWeb-CVE-2025-52970-Authentication-Bypass
nomisec WORKING POC 8 stars
by 34zY · remote
https://github.com/34zY/CVE-2025-52970
github WORKING POC
by imbas007 · python · remote
https://github.com/imbas007/POC-CVE-2025-52970

Nuclei Templates (1)

Fortinet FortiWeb - Authentication Bypass to Admin Privilege
HIGH · VERIFIED · by Sourabh-Sahu
Shodan: http.title:"FortiWeb" || http.title:"Fortinet"
FOFA: app="Fortinet-FortiWeb"

Scores

CVSS v3 8.1
EPSS 0.2202
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-09-04
CWE
CWE-233
Status published
Products (1)
fortinet/fortiweb 7.0.0 - 7.0.11
Published Aug 12, 2025
Tracked Since Feb 18, 2026