CVE-2025-22859

CWE-234 documents4 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 44.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientemsFortinet Forticlientems Cloud
Timeline
PublishedMay 13

Description

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDfortinet/forticlientems_cloud7.4.07.4.3
NVDfortinet/forticlientems7.4.07.4.3
CVEListV5fortinet/forticlientems7.4.07.4.1

🔴Vulnerability Details

2
CVEList
CVE-2025-22859: A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 72025-05-13
GHSA
GHSA-q7rh-46fc-x4wh: A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 72025-05-13

📋Vendor Advisories

1
Fortinet
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 th...2025-05-13
CVE-2025-22859 (MEDIUM CVSS 5.3) | A Relative Path Traversal vulnerabi | cvebase.io