CVE-2025-61624

MEDIUM

Fortinet FortiOS/FortiProxy/FortiSwitchManager/FortiPAM - Authenticated Path Traversal & Arbitrary File Write via CLI

Title source: llm

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in the following Fortinet products may allow an authenticated attacker with an admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands:

FortiOS 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, and all versions of 7.2, 7.0 and 6.4
FortiPAM 1.7.0 and all versions of 1.6, 1.5, 1.4, 1.3, 1.2, 1.1 and 1.0
FortiProxy 7.6.0 through 7.6.4, 7.4.0 through 7.4.11, and all versions of 7.2 and 7.0
FortiSwitchManager 7.2.0 through 7.2.7 and 7.0.0 through 7.0.6

Because the attacker must already hold an administrator account with read-write permissions, this is a post-authentication issue rather than a remote unauthenticated one; the CVSS vector below reflects that (AV:L, PR:H) and scores the impact on integrity and availability (arbitrary write or delete) with no confidentiality impact. The advisory text lists affected ranges only and does not name fixed releases.
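The affected-version ranges above are easy to misread by hand, especially the mix of "through x.y.z" ranges and "all versions" branches. The following is an added triage helper, not code from Fortinet or from this page: it transcribes the ranges from the advisory text into a table and checks a version taken from the "Version:" line of FortiOS "get system status" output. The sample output is constructed for the example, and the range table follows the advisory description (not the product list further down the page, which is aggregated differently). A False result means "not listed as affected", not "confirmed fixed", since the advisory names no fixed releases.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges transcribed from the advisory description.
# (low, high) is an inclusive range; high=None means the whole
# major.minor branch is listed as "all versions".
AFFECTED: Dict[str, List[Tuple[Version, Optional[Version]]]] = {
    "FortiOS": [
        ((7, 6, 0), (7, 6, 4)),
        ((7, 4, 0), (7, 4, 9)),
        ((7, 2, 0), None),
        ((7, 0, 0), None),
        ((6, 4, 0), None),
    ],
    "FortiPAM": [
        ((1, 7, 0), (1, 7, 0)),
        ((1, 6, 0), None),
        ((1, 5, 0), None),
        ((1, 4, 0), None),
        ((1, 3, 0), None),
        ((1, 2, 0), None),
        ((1, 1, 0), None),
        ((1, 0, 0), None),
    ],
    "FortiProxy": [
        ((7, 6, 0), (7, 6, 4)),
        ((7, 4, 0), (7, 4, 11)),
        ((7, 2, 0), None),
        ((7, 0, 0), None),
    ],
    "FortiSwitchManager": [
        ((7, 2, 0), (7, 2, 7)),
        ((7, 0, 0), (7, 0, 6)),
    ],
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Pull the first x.y.z version number out of a string such as
    'FortiGate-100F v7.4.3,build2573,240201 (GA.F)'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: Version) -> bool:
    """True if the version falls in a range the advisory lists as affected.
    False means 'not listed', not 'fixed': the advisory names no fixed builds."""
    for low, high in AFFECTED[product]:
        if high is None:
            if version[:2] == low[:2]:          # whole major.minor branch affected
                return True
        elif low <= version <= high:            # tuple comparison is lexicographic
            return True
    return False


def triage_status_output(product: str, output: str) -> Dict[str, object]:
    """Find the 'Version:' line of 'get system status' output and classify it."""
    for line in output.splitlines():
        if line.strip().startswith("Version:"):
            version = parse_version(line)
            return {"version": version, "affected": is_affected(product, version)}
    raise ValueError("no 'Version:' line in output")


# Constructed sample output for the example (not captured from a real device).
SAMPLE_STATUS = """\
Version: FortiGate-100F v7.4.3,build2573,240201 (GA.F)
Serial-Number: FG100F000000000
"""

if __name__ == "__main__":
    print(triage_status_output("FortiOS", SAMPLE_STATUS))
```

The same table can be fed from an inventory export instead of console output; the only product-specific part is the regex that locates the version string.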

Scores

CVSS v3 6.0
EPSS 0.0009
EPSS Percentile 25.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (23)
Fortinet/FortiOS 6.4.0 - 6.4.16
fortinet/fortios 6.4.0 - 7.4.10
Fortinet/FortiOS 7.0.0 - 7.0.19
Fortinet/FortiOS 7.2.0 - 7.2.13
Fortinet/FortiOS 7.4.0 - 7.4.9
Fortinet/FortiOS 7.6.0 - 7.6.4
Fortinet/FortiPAM 1.0.0 - 1.0.3
fortinet/fortipam 1.0.0 - 1.7.1
Fortinet/FortiPAM 1.1.0 - 1.1.2
Fortinet/FortiPAM 1.2.0
... and 13 more
Published Apr 14, 2026
Tracked Since Apr 14, 2026