CVE-2025-61624Path Traversal in Fortinet Fortios

CWE-22Path Traversal4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.0%
top 93.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Fortinet FortiosFortinet FortipamFortinet Fortiproxy+1 more
Timeline
PublishedApr 14

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages4 packages

CVEListV5fortinet/fortipam1.6.01.6.2+7
CVEListV5fortinet/fortios7.6.07.6.4+4
CVEListV5fortinet/fortiproxy7.6.07.6.4+3
CVEListV5fortinet/fortiswitchmanager7.2.07.2.7+1

🔴Vulnerability Details

2
CVEList
CVE-2025-61624: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 72026-04-14
GHSA
GHSA-f3vf-64gv-cxr8: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 72026-04-14

📋Vendor Advisories

1
Fortinet
Path Traversal in CLI2026-04-14
CVE-2025-61624 — Path Traversal in Fortinet Fortios | cvebase