August 17, 2025 at 11:24AM

■■■□□ A critical security vulnerability has been discovered in Fortinet’s FortiWeb web application firewall that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices.

The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems from improper parameter handling in the application’s cookie parsing mechanism.

FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User