AI description
CVE-2025-52970 is a critical authentication bypass vulnerability affecting Fortinet's FortiWeb web application firewall. It stems from improper parameter handling in the application's cookie parsing mechanism. The vulnerability allows unauthenticated remote attackers to impersonate any existing user on affected systems. The vulnerability exploits an out-of-bounds read issue in FortiWeb's cookie handling code, enabling attackers to force the server to use a predictable, all-zero secret key for session encryption and signing. By manipulating the "Era" parameter in session cookies to values between 2 and 9, attackers can trigger the out-of-bounds read that forces the system to use compromised encryption keys.
- Description
- A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortiweb
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@fortinet.com
- CWE-233
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
7
Actor mass exploiting CVE-2025-52970 (FortiWeb Authentication Bypass) from 94.254.26.101 🇸🇪( Bahnhof AB ) VirusTotal Detections: 0/95 🟢 This IP hit multiple FortiWeb honeypots with similar exploit payloads https://t.co/PXgVzZHruM
@DefusedCyber
2 Oct 2025
2597 Impressions
8 Retweets
44 Likes
13 Bookmarks
2 Replies
1 Quote
Actor exploiting CVE-2025-52970 (FortiWeb Authentication Bypass) from 114.221.24.129 🇨🇳( Chinanet ) VirusTotal Detections: 0/95 🟢 This vulnerability has not yet entered the known exploitation on e.g. CISA, however we have seen this being exploited since late August h
@DefusedCyber
30 Sept 2025
32612 Impressions
38 Retweets
127 Likes
59 Bookmarks
2 Replies
5 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-53770 2 - CVE-2025-9132 3 - CVE-2025-38494 4 - CVE-2020-14883 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) https://t.co/lVbCIPCZ3h
@Dinosn
21 Sept 2025
5139 Impressions
9 Retweets
55 Likes
17 Bookmarks
0 Replies
1 Quote
Top 5 Trending CVEs: 1 - CVE-2024-11477 2 - CVE-2025-52970 3 - CVE-2024-30088 4 - CVE-2025-24252 5 - CVE-2025-5958 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
7 Sept 2025
250 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New Templates Bounty Issue 💰 CVE-2025-52970 - Fortinet FortiWeb - Broken Access Control 💰 👾 Issue: https://t.co/feLYFBpzPY #bugbounty #NucleiTemplates #cve #opensource
@pdnuclei
7 Sept 2025
1794 Impressions
4 Retweets
22 Likes
12 Bookmarks
0 Replies
0 Quotes
🚨 Critical Fortinet FortiWeb vulnerability (CVE-2025-52970) addressed in our latest WAF update! We’ve proactively disabled a detection rule to prevent false positives while you update. Protect your systems – upgrade to the latest vendor version ASAP! 🛡️ https://t.co/
@mveracf
3 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-52970:Authentication Bypass Via Invalid Parameter in Fortinet FortiWeb 🧐Deep Dive :https://t.co/vGeHhtxiXA 📊56.3K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/4mKlSVksBh 👇Query HUNTER : https://t.co/rraPTp
@HunterMapping
26 Aug 2025
6100 Impressions
46 Retweets
107 Likes
33 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-38236 2 - CVE-2025-52970 3 - CVE-2025-3305 4 - CVE-2023-44487 5 - CVE-2025-54253 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
N-Day Alert 🚨 Actor mass exploiting a partially unreleased FortiWeb vulnerability (CVE-2025-52970) 103.172.81.140 🇭🇰 AS 146961 ( NEXET LIMITED ) 0/94 VirusTotal detections Expect heavy exploitation in near term. This vulnerability does NOT have a public POC to d
@DefusedCyber
24 Aug 2025
1632 Impressions
4 Retweets
21 Likes
10 Bookmarks
2 Replies
0 Quotes
Totally missed this but looks like someone was hitting the attack path for CVE-2025-52970 on Friday. This is a FortiWeb vulnerability with partially redacted details but maybe someone reversed and built their own POC? cc @0x_shaq https://t.co/FF5SLnIQS2
@SimoKohonen
24 Aug 2025
1949 Impressions
3 Retweets
16 Likes
5 Bookmarks
1 Reply
0 Quotes
Trywialna podatność w FortiWeb Fabric Connector pozwalająca na obejście uwierzytelniania – FortMajeure 💣 Odkryto lukę w FortiWeb Fabric Connector i opublikowano szczegóły podatności FortMajeure (CVE-2025-52970) 💣 Podatność pozwala na obejście uwierzytelniania
@Sekurak
21 Aug 2025
2397 Impressions
2 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Vulnerabilidad crítica en FortiWeb permite acceso remoto sin credenciales FortMajeure (CVE-2025-52970) afecta a FortiWeb por lectura fuera de límites en cookies. Más información: https://t.co/LvbClRj6bD https://t.co/v5sr5OZrM2
@CSIRT_Telconet
18 Aug 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Múltiples vulnerabilidades en productos Fortinet ❗CVE-2025-25256 ❗CVE-2024-26009 ❗CVE-2025-52970 ➡️Más info: https://t.co/jyDzg1wpbv https://t.co/bJyIADpbEE
@CERTpy
18 Aug 2025
127 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-32778 2 - CVE-2025-8875 3 - CVE-2025-8088 4 - CVE-2025-52970 5 - CVE-2025-26633 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 It's a disaster at Fortinet! After the critical FortiSIEM flaw being exploited, now FortiWeb ( CVE-2025-52970)faces an authentication bypass. Update urgently! 🔐 https://t.co/sydiaLv99B #CyberSec #Fortinet
@_F2po_
18 Aug 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️FortiWebの認証バイパスを可能にするエクスプロイト、研究者がリリース予定:CVE-2025-52970 💸40ドルで購入可能?FBIなど政府/法執行機関の正規メールアカウントがダークウェブ上で出回る 〜サイバーセ
@MachinaRecord
18 Aug 2025
194 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
FortiWebの認証バイパス脆弱性で部分的なPoCが公開-CVE-2025-52970 実運用では即時アップデートを #セキュリティ対策Lab #セキュリティ #Security https://t.co/T0Nv2XnsHl
@securityLab_jp
18 Aug 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortiWebの認証回避脆弱性"FortMajeure" (CVE-2025-52970)に対応する部分的PoC(攻撃の概念実証コード)が公表された。悪用には標的ユーザが有効なセッションを保持しており、かつ攻撃者は小さい数の数値フィールド
@__kokumoto
17 Aug 2025
1226 Impressions
2 Retweets
8 Likes
4 Bookmarks
0 Replies
0 Quotes
A security researcher revealed a partial exploit for CVE-2025-52970 in FortiWeb, enabling remote authentication bypass through an out-of-bounds read, allowing forged cookies. Impacting versions 7.0-7.6, fixed in later releases. #Security https://t.co/EovHxZOsRY
@Strivehawk
17 Aug 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟥 #FortiNet'te Admin ele geçirildi: #FortiWeb 🔷 CVE-2025-52970 🔷 dair kısmi bir PoC (proof of concept – kavram kanıtı) yayınlandı... 🔎 Teknik ayrıntılar için: https://t.co/73hIbS4Pld https://t.co/HpDg5ZZwUW
@KeremAbadi
17 Aug 2025
227 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🔧 PATCH ALERT – FortiWeb auth bypass exploit live CVE-2025-52970 → Cookie parsing flaw lets attackers forge “Era” cookies and impersonate admins w/out creds. ⚠️ Impact: FortiWeb versions 7.0–7.6 exposed 🛡 Fix: Patch now to 7.0.11 / 7.2.11 / 7.4.8 / 7.6.
@Newtalics
17 Aug 2025
59 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2010-5139 2 - CVE-2025-53783 3 - CVE-2025-26633 4 - CVE-2025-31324 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 Aug 2025
143 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Researcher to release exploit for full auth bypass on FortiWeb (CVE-2025-52970) https://t.co/7mBuhhXMbU #patchmanagement
@eyalestrin
17 Aug 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【FortiWeb認証バイパス脆弱性】FortiWebのWebアプリケーションファイアウォールに完全な認証バイパスを可能にする重大な脆弱性CVE-2025-52970が発見され、研究者が部分的な概念実証エクスプロイトを公開した。
@nakajimeeee
17 Aug 2025
325 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Researcher reveals exploit for FortiWeb vulnerability CVE-2025-52970 allowing remote auth bypass via cookie manipulation in versions 7.0 to 7.6. Patch available in later releases. #Fortinet #AuthBypass #USA https://t.co/8yGhBpLaHa
@TweetThreatNews
16 Aug 2025
105 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Authentication Bypass in FortiWeb (CVE-2025-52970) writeup and PoC https://t.co/u1cyJF7drg
@S0ufi4n3
16 Aug 2025
536 Impressions
3 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
FortiWebの脆弱性CVE-2025-52970が発見され、リモート攻撃者が認証をバイパスできることが判明。研究者は「FortMajeure」と名付け、攻撃にはアクティブなセッションが必要。Fortinetは8月12日に修正をリリースしたが
@cyber_edu_jp
16 Aug 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-52970: How I turned a limited, blind OOB read primitive into a full authentication bypass in one of Fortinet’s products Write-up/PoC: https://t.co/TNO4SrtoDC https://t.co/8wBLECG1S9
@DarkWebInformer
16 Aug 2025
6105 Impressions
17 Retweets
66 Likes
21 Bookmarks
3 Replies
0 Quotes
FortMajeure: Auth Bypass in FortiWeb (CVE-2025-52970) This vuln is exploitable via two routes: - Impersonation of an admin user in a REST endpoint /api/v2.0/system/status.systemstatus - /ws/cli/open for opening a connection to the FortiWeb CLI Decoy drop for this tomorrow! h
@DefusedCyber
16 Aug 2025
432 Impressions
3 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
#exploit 1⃣ CVE-2025-52970: Authentication Bypass in FortiWeb - https://t.co/W2bRs1mcq9 2⃣ CVE-2025-54887: Ruby-JWE Authentication Tag can be brute forced - https://t.co/y7gwM0JVff 3⃣ CVE-2025-7202: CSRF in Elgato's Key Lights and related light products -
@ksg93rd
15 Aug 2025
95 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) https://t.co/5iGsjgiCIE https://t.co/1VtuD8b55E
@secharvesterx
13 Aug 2025
86 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Dropped a new blogpost. CVE-2025-52970: how I turned a limited, blind OOB read primitive into a full authentication bypass in one of Fortinet’s products :) https://t.co/wNmA6gRs0T
@0x_shaq
13 Aug 2025
16998 Impressions
69 Retweets
301 Likes
137 Bookmarks
8 Replies
4 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E739890-CFEA-4B7B-B78D-8CC8157BDF54",
"versionEndExcluding": "7.0.11",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B642678E-4E31-4A6B-A791-ACD5D332B175",
"versionEndExcluding": "7.2.11",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA8DE17C-1756-4B18-A956-A52CFA0967B9",
"versionEndExcluding": "7.4.8",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B739434-1979-43F9-AEC1-D287B1BCA5CA",
"versionEndExcluding": "7.6.4",
"versionStartIncluding": "7.6.0"
}
],
"operator": "OR"
}
]
}
]