{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T04:27:58.919","vulnerabilities":[{"cve":{"id":"CVE-2025-52970","sourceIdentifier":"psirt@fortinet.com","published":"2025-08-12T19:15:32.277","lastModified":"2025-08-15T12:26:38.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request."},{"lang":"es","value":"Un manejo inadecuado de los parámetros en Fortinet FortiWeb versiones 7.6.3 y anteriores, versiones 7.4.7 y anteriores, versiones 7.2.10 y anteriores, y 7.0.10 y anteriores puede permitir que un atacante remoto no autenticado con información no pública perteneciente al dispositivo y al usuario objetivo obtenga privilegios de administrador en el dispositivo a través de una solicitud especialmente 
manipulada."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-233"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.11","matchCriteriaId":"7E739890-CFEA-4B7B-B78D-8CC8157BDF54"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.11","matchCriteriaId":"B642678E-4E31-4A6B-A791-ACD5D332B175"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.8","matchCriteriaId":"CA8DE17C-1756-4B18-A956-A52CFA0967B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"2B739434-1979-43F9-AEC1-D287B1BCA5CA"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-448","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}