A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication.

The flaw was reported responsibly to Fortinet and is now tracked as CVE-2025-52970. Fortinet released a fix on August 12.

Security researcher Aviv Y named the vulnerability FortMajeure and describes it as a "silent failure that wasn’t meant to happen." Technically, it is an out-of-bounds read in FortiWeb’s cookie parsing that lets an attacker set the Era parameter to an unexpected value.

This causes the server to use an all-zero secret key for session encryption and HMAC signing, making forged authentication cookies trivial to create.

Exploitation results in a full authentication bypass, letting the

See Full Page