Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. The flaw was reported responsibly to Fortinet and is now tracked as CVE-2025-52970. Fortinet released a fix on August 12. Security researcher Aviv Y named the vulnerability FortMajeure and describes it as a “silent failure that wasn’t meant to happen.” Technically, it is an out-of-bounds read in FortiWeb’s cookie parsing that lets an attacker set the Era parameter to an unexpected value.

The issue impacts FortiWeb 7.0 to 7.6, and was fixed in the below versions:

• FortiWeb 7.6.4 and later
• FortiWeb 7.4.8 and later
• FortiWeb 7.2.11 and later
• FortiWeb 7.0.11 and later

To read the complete article see: Bleeping Computer.