CVE-2025-22859

Medium CVSS 5.3

Overview

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.

CWE: CWE-23 Published: 2025-05-13T15:15:54.293

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.3 (MEDIUM)
Detected tags: arb_write, path, unauth_access (tag impact: HIGH)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags