Table of Contents

    About the Author

    Security Advisory

    Security Advisory

    The CyberMaxx team publishes weekly security advisories based on data and research found in the wild.

    More Articles

    Get Our Blogs Directly to Your Inbox, Every Friday

    Additional Resources:

    Windows 10 End of Life: Critical Security & Compliance Risks for IT Teams After October 2025

    Windows 10 End of Life: Critical Security & Compliance Risks for IT Teams After October 2025

    Cybersecurity News

    2 min read

    Security Advisory: Weekly Advisory August 13th, 2025

    Security Advisory: Weekly Advisory August 13th, 2025

    Cybersecurity News

    3 min read

    What We Know

    Fortinet has released patches for a vulnerability in its FortiWeb Web Application Firewall (WAF) tracked as CVE-2025-52970. Exploitation allows an unauthenticated attacker to log in as any existing user on the device via a specially crafted request. Of note, a partial proof of concept and detailed explanation of the vulnerability exists publicly, and exploitation in the wild is expected.

    If exploited, an attacker may be granted the opportunity to create persistent access to an environment as well as potentially execute code on the host. CyberMaxx urges upgrading affected versions to their latest patch level to ensure protection against exploitation.

    Affected Versions

    Version Affected Solution
    FortiWeb 8.0 Not affected Not Applicable
    FortiWeb 7.6 7.6.0 through 7.6.3 Upgrade to 7.6.4 or above
    FortiWeb 7.4 7.4.0 through 7.4.7 Upgrade to 7.4.8 or above
    FortiWeb 7.2 7.2.0 through 7.2.10 Upgrade to 7.2.11 or above
    FortiWeb 7.0 7.0.0 through 7.0.10 Upgrade to 7.0.11 or above

    More Reading / Information