CVE-2025-53609

Summary

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.6.0 <= 7.6.4affected
FortinetFortiWeb7.4.0 <= 7.4.8affected
FortinetFortiWeb7.2.0 <= 7.2.11affected
FortinetFortiWeb7.0.2 <= 7.0.12affected

Weaknesses

  • CWE-23: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References