PR
feat(cve): add CVE-2025-52970 FortiWeb broken access control template
projectdiscovery/nuclei-templates#13172
CVE-2025-52970 FortiWeb Broken Access Control Template
This PR adds a complete Nuclei template for CVE-2025-52970 (FortiWeb Broken Access Control vulnerability).
Vulnerability Details
- CVE: CVE-2025-52970
- Type: Broken Access Control
- Severity: High (CVSS 9.8)
- Affected Versions: FortiWeb <= 7.6.3, <= 7.4.7, <= 7.2.10, and <= 7.0.10
Template Features
- ✅ Complete POC implementation (not version-based detection)
- ✅ Tests actual vulnerability behavior via crafted internal IP headers
- ✅ Multiple internal IP header variations for comprehensive coverage
- ✅ Strong matchers to prevent false positives
- ✅ Comprehensive debug output included
- ✅ Vulnerable instance setup documentation provided
Files Added
http/cves/2025/CVE-2025-52970.yaml- Main templateVULNERABLE_FORTIWEB_SETUP.md- Setup documentationtest-fortiweb-vulnerability.sh- Test scriptmock-vulnerable-fortiweb.py- Mock server for testingCVE-2025-52970-template-submission.md- Comprehensive documentation
Testing
- Template syntax validated with `nuclei -validate`
- Debug output generated with `nuclei -debug`
- Tested against mock vulnerable environment
- Meets all Community Rewards FAQ requirements
References
- https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970
- https://github.com/Hex00-0x4/FortiWeb-CVE-2025-52970-Authentication-Bypass
- https://fortiguard.fortinet.com/psirt/FG-IR-25-448
/claim #13123
Claim
Total prize pool
$100
Total paid
$0
Status
Pending
Submitted
September 09, 2025
Last updated
September 09, 2025
Contributors
BR
Bryan Wills
@bryanwills
Sponsors
PR
ProjectDiscovery
@projectdiscovery
$100