CVE-2025-52970
Published: 12 August 2025
Summary
CVE-2025-52970 is a high-severity Improper Handling of Parameters (CWE-233) vulnerability in Fortinet Fortiweb. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by identifying, prioritizing, and applying patches to remediate the improper parameter handling flaw in affected FortiWeb versions.
Requires validation of information inputs, directly countering the improper handling of parameters that enables specially crafted requests to escalate privileges.
Enforces approved access authorizations, helping to block unauthorized privilege escalation even if parameters are mishandled.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated remote exploitation of a public-facing FortiWeb management interface to obtain full administrative access.
NVD Description
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user…
more
to gain admin privileges on the device via a specially crafted request.
Deeper analysisAI
CVE-2025-52970 is an improper handling of parameters vulnerability affecting Fortinet FortiWeb web application firewall in versions 7.6.3 and below, 7.4.7 and below, 7.2.10 and below, and 7.0.10 and below. This flaw, mapped to CWE-233, enables potential exploitation through specially crafted requests and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, high attack complexity, and potential for high confidentiality, integrity, and availability impacts.
An unauthenticated remote attacker possessing non-public information about the targeted FortiWeb device and user can exploit this vulnerability to gain administrative privileges on the device. The attack requires knowledge of specific device and user details, increasing the complexity (reflected in the AC:H vector), but successful exploitation grants full admin access without prior privileges.
Fortinet's advisory FG-IR-25-448 provides details on mitigation, including available patches for affected versions. Additional technical analysis is available in the pwner.gg blog post at https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970. Security practitioners should consult these resources for upgrade paths and workarounds.
Details
- CWE(s)