CVE-2025-25254

Summary

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.6.0 <= 7.6.2affected
FortinetFortiWeb7.4.0 <= 7.4.6affected
FortinetFortiWeb7.2.0 <= 7.2.11affected
FortinetFortiWeb7.0.0 <= 7.0.11affected

Weaknesses

  • CWE-22: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References