Vulnerability Description
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | >= 6.4.0, < 7.4.10 |
| Fortinet | Fortipam | >= 1.0.0, < 1.7.1 |
| Fortinet | Fortiproxy | >= 7.0.0, < 7.4.12 |
| Fortinet | Fortiswitchmanager | >= 7.0.0, < 7.0.7 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-26-122Vendor Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-975644.html
FAQ
What is CVE-2025-61624?
CVE-2025-61624 is a vulnerability with a CVSS score of 6.0 (MEDIUM). An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions,...
How severe is CVE-2025-61624?
CVE-2025-61624 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-61624?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios, Fortinet Fortipam, Fortinet Fortiproxy, Fortinet Fortiswitchmanager.