CVE-2025-25254

High CVSS 7.2

Overview

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.

CWE: CWE-22 Published: 2025-04-08T14:15:32.857

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.2 (HIGH)
Detected tags: path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags