IronMonkey Threat Research

CVE-2025-61624 MEDIUM

Published: 2026-04-14 | Last Modified: 2026-05-12 | Status: Modified

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.

CVSS Metrics

Base Score: 6.5 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.2

Impact Score: 5.2

Weaknesses

Source | Type | Description
[email protected] | Secondary | CWE-22

Affected Products

Vendor | Product | Version | Type
fortinet | fortios | * | Operating System
fortinet | fortios | * | Operating System
fortinet | fortipam | * | Operating System
fortinet | fortiproxy | * | Application
fortinet | fortiproxy | * | Application
fortinet | fortiswitchmanager | * | Application
fortinet | fortiswitchmanager | * | Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*