CVE-2025-52970

HIGH

CVSS v3

8.1

HIGH

EPSS Score

28.8%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Technical Details

Published
8/12/2025

Frequently Asked Questions

What is CVE-2025-52970?

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Is CVE-2025-52970 actively exploited?

Active exploitation of CVE-2025-52970 has not been confirmed. The EPSS score is 28.8%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-52970?

CVE-2025-52970 has a CVSS v3 base score of 8.1 (HIGH severity).

Is CVE-2025-52970 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.