CVE-2025-52970_CVE-2025-52970

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

Description

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Basic Information

ID CVE-2025-52970

Source fortinet

Published Aug 12, 2025 at 18:59

Modified Aug 13, 2025 at 15:04

Affected Product

Vendor Fortinet

Product FortiWeb

Version 7.6.0

Affected Versions Fortinet FortiWeb 7.6.0
Fortinet FortiWeb 7.4.0
Fortinet FortiWeb 7.2.0
Fortinet FortiWeb 7.0.0

CWE Classification

CWE-233

References

fortiguard.fortinet.com /psirt/FG-IR-25-448

{
    "lastseen": "",
    "description": "A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.",
    "published": "2025-08-12T18:59:25.817Z",
    "modified": "2025-08-13T15:04:28.736Z",
    "type": "cve",
    "title": "CVE-2025-52970",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-448",
    "id": "CVE-2025-52970",
    "bulletinFamily": "",
    "cwe": [
        "CWE-233"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiWeb 7.6.0\nFortinet FortiWeb 7.4.0\nFortinet FortiWeb 7.2.0\nFortinet FortiWeb 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiWeb",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}