cbcvebase.
CVE-2025-61624
published 2026-04-14

CVE-2025-61624: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0…

medium6.5CVSS 3.1
AVNACLPRHUINSUCNIHAH
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
fortinetfortinet
fortinetfortios
fortinetfortios>= 6.4.0 < 7.4.107.4.10
fortinetfortios6.4.0 – 6.4.16
fortinetfortios7.0.0 – 7.0.19
fortinetfortios7.2.0 – 7.2.13
fortinetfortios7.4.0 – 7.4.9
fortinetfortios>= 7.6.0 < 7.6.57.6.5
fortinetfortios7.6.0 – 7.6.4
fortinetfortipam
fortinetfortipam
fortinetfortipam
fortinetfortipam>= 1.0.0 < 1.7.11.7.1
fortinetfortipam1.0.0 – 1.0.3
fortinetfortipam1.1.0 – 1.1.2
fortinetfortipam1.3.0 – 1.3.1
fortinetfortipam1.4.0 – 1.4.3
fortinetfortipam1.5.0 – 1.5.1
fortinetfortipam1.6.0 – 1.6.2
fortinetfortiproxy
fortinetfortiproxy>= 7.0.0 < 7.4.127.4.12
fortinetfortiproxy7.0.0 – 7.0.23
fortinetfortiproxy7.2.0 – 7.2.16
fortinetfortiproxy7.4.0 – 7.4.11
fortinetfortiproxy>= 7.6.0 < 7.6.57.6.5