FortiWeb Authentication Bypass Vulnerability
Severity: HIGH (CVE-2025-52970)
CVSS v3.0 Score: 7.7

Information
FortiWeb is a Web Application Firewall (WAF) solution designed to protect web applications and APIs from attacks such as cross-site scripting (XSS), SQL injection, bot attacks, DDoS (distributed denial of service) and other online threats.
Incident
Improper handling of parameters in Fortinet FortiWeb versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10 may allow an unauthenticated remote attacker who holds non-public information about the device and the targeted user to gain admin privileges on the device via a specially crafted request.
Recommendation
Security systems are important. We must stay vigilant and monitor them as usual.
For more information please contact
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
061 387 9439 (Ms.Sirilak)
092 257 6902 (Ms.Narusorn)
063 197 7510 (Mr.Yanotai)
065 725 7405 (Ms.Chanuntida)
065 725 7405 (Ms.Nattharini)
References
Weekly Interesting CVE
| NO. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2025-5821 | 23/8/2025 | 23/8/2025 | Case Theme User Plugin for WordPress | Authentication Bypass | 9.8 | The Case Theme User plugin for WordPress is vulnerable to authentication bypass in all versions up to and including 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site and access to the administrative user's email. | Update to a version higher than 1.0.3 or the latest version | |
| 2 | CVE-2025-9074 | 20/8/2025 | 22/8/2025 | Docker Desktop | Privilege Escalation | 9.3 | A critical vulnerability in Docker Desktop allows local containers to access the Docker Engine API through the subnet without authentication, regardless of ECI or expose-daemon settings. | Upgrade to version 4.44.3 or newer | |
| 3 | CVE-2025-1275 | 15/4/2025 | 19/8/2025 | Autodesk | Heap-Based Overflow | 7.8 | A heap-based overflow vulnerability in certain Autodesk applications, triggered by a maliciously crafted JPG file being linked or imported. The effects include crashing the application, reading sensitive data, or enabling execution of arbitrary code in the context of the current process. | Update to the latest version | https://nvd.nist.gov/vuln/detail/CVE-2025-1275 |
| 4 | CVE-2025-43300 | 20/8/2025 | 22/8/2025 | iOS / iPadOS / macOS | Out-of-bounds Write | 8.8 | An out-of-bounds write flaw in Apple's Image I/O framework, which is used to process image files. Processing a crafted malicious image may lead to memory corruption, enabling arbitrary code execution, potential full device compromise, data theft, surveillance, or remote control. | Update to the latest version | |
| 5 | CVE-2024-20377 | 8/11/2023 | 25/8/2025 | Cisco Firepower Management Center | Cross-Site Scripting (XSS) | 5.4 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | Update to the latest version | https://app.opencve.io/cve/CVE-2024-20377 |
Malware News or Campaign IOC/IOA

| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | New Android malware poses as antivirus from Russian intelligence agency | 24/08/2025 | Fake Antivirus, Phishing Attack, Backdoor | A new Android malware disguises itself as an antivirus program, falsely claiming to be software developed by the Russian intelligence agency (FSB). It was first discovered in January 2025 and continues to appear in new versions, indicating ongoing development by the attackers. The fake app is distributed through private messages in chat applications, pretending to be an antivirus called "GuardCB", with an icon resembling the emblem of the Russian Central Bank set against a shield background, and names referencing the FSB such as "SECURITY_FSB" or "FSB". Once installed, the malware requests permissions to access camera streams, audio, and screen recording, and to steal messages, contacts, call logs, location data, and image files. It also has self-protection mechanisms to prevent removal. Researchers report that this is a targeted threat under continuous development, equipped with a full set of tools to spy directly on Russian business groups. | |
02 September 2025