Main Vulnerability Database Exploits ID:11951 - Exploit for Improper Handling of Parameters in FortiWeb - CVE-2025-52970

ID:11951 - Exploit for Improper Handling of Parameters in FortiWeb - CVE-2025-52970

Published: September 12, 2025

Vulnerability identifier: #VU113973

Vulnerability risk: High

CVE-ID: CVE-2025-52970

CWE-ID: CWE-233

Exploitation vector: Remote access

Vulnerable software:
FortiWeb

Link to public exploit:

https://github.com/34zY/CVE-2025-52970

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper handling of parameters via invalid parameter. An unauthenticated remote attacker in possession of non-public information (pertaining can both the device and to the targeted user) to log in as any existing user on the device via a specially crafted request.

Remediation

Install update from vendor's website.

ID:11951 - Exploit for Improper Handling of Parameters in FortiWeb - CVE-2025-52970

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human