CVE-2025-53609 — Relative Path Traversal in Fortinet Fortiweb

CWE-23 — Relative Path Traversal4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 70.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb

Timeline

PublishedSep 9

Description

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortiweb7.0.2 — 7.2.12+2

▶CVEListV5fortinet/fortiweb7.6.0 — 7.6.4+3

🔴Vulnerability Details

CVEList

CVE-2025-53609: A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7↗2025-09-09

▶

GHSA

GHSA-9rc9-f47x-pvpx: A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7↗2025-09-09

▶

📋Vendor Advisories

Fortinet

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2...↗2025-09-09

▶