CVE-2025-52970
HIGHCVSS v3
8.1
HIGH
EPSS Score
28.8%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
Technical Details
- Published
- 8/12/2025
Frequently Asked Questions
What is CVE-2025-52970?
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
Is CVE-2025-52970 actively exploited?
Active exploitation of CVE-2025-52970 has not been confirmed. The EPSS score is 28.8%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-52970?
CVE-2025-52970 has a CVSS v3 base score of 8.1 (HIGH severity).
Is CVE-2025-52970 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.