A security researcher has disclosed a partial proof-of-concept exploit for a critical FortiWeb vulnerability (CVE-2025-52970) that enables remote authentication bypass. The flaw allows attackers with active sessions to impersonate any user, including administrators, through cookie manipulation. #FortiWeb #CVE202552970
Key points
- The vulnerability affects FortiWeb versions 7.0 to 7.6 and has been patched in later releases.
- The flaw involves an out-of-bounds read in FortiWeb's cookie parsing, which causes the use of a zero secret key for encryption and signing.
- Exploitation requires a user to have an active session and involves brute-forcing a small numeric cookie field.
- The researcher released a partial PoC but plans to publish full details later, allowing time for patch application.
- The severity score of 7.7 may be misleading, as the attack complexity is low and the brute-force process is quick.