cbcvebase.
CVE-2025-54659
published 2026-03-10

CVE-2025-54659: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent…

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.

Affected

7 ranges
VendorProductVersion rangeFixed in
fortinetfortinet
fortinetfortisoar
fortinetfortisoar_agent_communication_bridge
fortinetfortisoar_agent_communication_bridge
fortinetfortisoar_agent_communication_bridge
fortinetfortisoar_agent_communication_bridge1.0.0 – 1.0.2
fortinetfortisoaragentcommunicationbridge