CVE Daily

CVE-2025-24470

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal...

High CVSS 8.6

Overview

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.

CWE: CWE-41 Published: 2025-02-11T17:15:34.730
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.6 (HIGH)
  • Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags