High Threat Security Alert (A25-08-15): Vulnerability in Fortinet FortiWeb


 

Published on: 18 August 2025

Share on Facebook    Share on X   

Description:

Fortinet released security advisories to address a vulnerability in Fortinet FortiWeb. An attacker could exploit the vulnerability by sending specially crafted requests to an affected system.

Report indicated that the security restriction bypass vulnerability (CVE-2025-52970) in FortiWeb has practical exploit code available in the wild. System administrators are advised to take immediate action to upgrade your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • FortiWeb version 7.0.0 through 7.0.10, version 7.2.0 through 7.2.10, version 7.4.0 through 7.4.7, version 7.6.0 through 7.6.3

For detailed information of the affected products, please refer to the section "Affected Products" of corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerability could lead to security restriction bypass of affected system.

 

Recommendation:

Patches for the affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://fortiguard.fortinet.com/psirt/FG-IR-25-448
  • https://www.hkcert.org/security-bulletin/fortinet-fortiweb-security-restriction-bypass-vulnerability_20250818
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52970


Tag: Fortinet , FortiWeb
Tags