CVE-2025-53609

MEDIUM

FortiWeb <7.6.4-7.2.11-7.0.11 - Path Traversal

Title source: llm

Description

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

Scores

CVSS v3 4.9
EPSS 0.0010
EPSS Percentile 27.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-23
Status published
Products (1)
fortinet/fortiweb 7.0.2 - 7.2.12
Published Sep 09, 2025
Tracked Since Feb 18, 2026