CVE-2025-22859
published 2025-05-13CVE-2025-22859: A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlientems | — | — |
| fortinet | forticlientems | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | forticlientems | 7.4.0 – 7.4.1 | — |
| fortinet | forticlientems_cloud | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | forticlientemscloud | — | — |