Main Vulnerability Database Exploits ID:11901 - Exploit for Improper Handling of Parameters in FortiWeb - CVE-2025-52970

ID:11901 - Exploit for Improper Handling of Parameters in FortiWeb - CVE-2025-52970

Published: August 29, 2025

Vulnerability identifier: #VU113973

Vulnerability risk: High

CVE-ID: CVE-2025-52970

CWE-ID: CWE-233

Exploitation vector: Remote access

Vulnerable software:
FortiWeb

Link to public exploit:

https://github.com/Hex00-0x4/FortiWeb-CVE-2025-52970-Authentication-Bypass

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper handling of parameters via invalid parameter. An unauthenticated remote attacker in possession of non-public information (pertaining can both the device and to the targeted user) to log in as any existing user on the device via a specially crafted request.

Remediation

Install update from vendor's website.

ID:11901 - Exploit for Improper Handling of Parameters in FortiWeb - CVE-2025-52970

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human