CVE-2025-25254 Information

Description

An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability [CWE-22] in FortiWeb version 7.6.2 and below version 7.4.6 and below 7.2 all versions 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-474