CVE-2025-52970 PoC — Fortinet FortiWeb 安全漏洞

Source

https://github.com/34zY/CVE-2025-52970

Associated Vulnerability

Title:Fortinet FortiWeb 安全漏洞 (CVE-2025-52970)
Description:A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

Description

 CVE-2025-52970 - FortiWeb Authentication Bypass to Remote Code Execution Exploit

Readme

# CVE-2025-52970
FortiWeb Authentication Bypass to Remote Code Execution Exploit 

# Features

- [X] Weaponized by adding interactive shell to enable remote code execution

# Usage
```bash
python CVE-2025-52970.py -t target.com
```

# Demo

<img width="717" height="951" alt="image" src="https://github.com/user-attachments/assets/9e33eaa6-f6fc-44be-bded-ef305c9ade4b" />

# References

https://github.com/Hex00-0x4/FortiWeb-CVE-2025-52970-Authentication-Bypass


# Disclaimer

This proof of concept is for educational purposes only, I'm not responsible for any bad uses.

File Snapshot


 [4.0K]  /data/pocs/30b9f315d46242a81fad12b94d886158ab35ea2d
├── [5.3K]  CVE-2025-52970.py
└── [ 572]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!