CVE-2025-52970 · HIGH 8.1 · EPSS p95.2%

Description

An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 10.67% probability of exploitation · percentile 95.2% · 2026-06-18T12:00:27Z
Published: 2025-08-12
Last modified: 2025-08-15

Underlying weaknesses · 1

CWE-233

References

  1. https://fortiguard.fortinet.com/psirt/FG-IR-25-448
  2. https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Handling of Parameters (cwe-233) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-22256
  2. CVE-2025-47855
  3. CVE-2025-49201
  4. CVE-2025-54820
  5. CVE-2025-64447
  6. CVE-2025-53847
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.