CVE-2025-25254

CVE Database · CVE-2025-25254

CVE-2025-25254

· HIGHAnalyzed

CVSS v3.1

7.2

EPSS

0.56%

Published

Apr 8, 2025

Modified

Jul 22, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-22

Affected Products (2)

fortinet · fortiweb (up to 7.4.7)vulnerable

fortinet · fortiweb (up to 7.6.3)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-474

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs