Monday, 18 August 2025

Fortinet FortiWeb Security Restriction Bypass Vulnerability

Release Date: 18 Aug 2025

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in Fortinet FortiWeb. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

 

Note:

Proof of Concept exploit code is publicly available for CVE-2025-52970. The vulnerability may allow an unauthenticated remote attacker in possession of non-public information (pertaining to both the device and to the targeted user) to log in as any existing user on the device via a specially crafted request.


Impact

  • Security Restriction Bypass

System / Technologies affected

  • FortiWeb 7.6 version 7.6.0 through 7.6.3
  • FortiWeb 7.4 version 7.4.0 through 7.4.7
  • FortiWeb 7.2 version 7.2.0 through 7.2.10
  • FortiWeb 7.0 version 7.0.0 through 7.0.10
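
An inventory check against the ranges listed above, added here as an example and not part of the original advisory. Host names, version strings and the three status labels are constructed for illustration. Patch levels are compared as integers so that 7.2.10 is not sorted below 7.2.3, and a branch the advisory does not list is reported as such rather than as unaffected.

```python
import re

# Affected ranges exactly as listed in this advisory:
# (major, minor) branch -> (first affected patch, last affected patch)
AFFECTED = {
    (7, 6): (0, 3),
    (7, 4): (0, 7),
    (7, 2): (0, 10),
    (7, 0): (0, 10),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first major.minor.patch triple from an inventory string."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'affected', 'outside-listed-range' or 'branch-not-listed'."""
    major, minor, patch = parse_version(text)
    bounds = AFFECTED.get((major, minor))
    if bounds is None:
        # The advisory says nothing about this branch; do not treat it as safe.
        return "branch-not-listed"
    first, last = bounds
    return "affected" if first <= patch <= last else "outside-listed-range"


def report(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "waf-edge-01": "FortiWeb 7.4.7",
    "waf-edge-02": "7.6.4",
    "waf-lab-01": "v7.2.10-build0000",
    "waf-legacy-01": "6.3.23",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `outside-listed-range` or `branch-not-listed` still need to be checked against the vendor's own advisory, since this page lists only the affected ranges.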

Solutions

Before installing the software, please visit the vendor website for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link
