Security researcher discloses full authentication bypass exploit for Fortinet’s FortiWeb application firewall.

A security researcher has disclosed a critical vulnerability in Fortinet's FortiWeb web application firewall that enables complete authentication bypass, allowing attackers to impersonate any user, including administrators. The flaw, designated CVE-2025-52970 and nicknamed "FortMajeure," represents a significant security concern for organizations relying on FortiWeb for web application protection.

Fortinet’s FortiWeb, a widely deployed web application firewall (WAF) solution, is currently under active exploitation following the release of proof-of-concept exploits.

Fortinet’s FortiWeb, a widely deployed web application firewall (WAF) solution, is currently under active exploitation after attackers began targeting a recently disclosed critical vulnerability. Tracked as CVE-2025-25257, the flaw enables unauthenticated remote code execution (RCE) and has been weaponized by threat actors following the public release of proof-of-concept (PoC) exploits on July 11, 2025.