CVE-2025-61624 - CERT CVE

  1. CVE-2025-61624

ID CVE-2025-61624
Sažetak An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
Reference
CVSS
Base: 6.0
Impact: 5.2
Exploitability:0.8
Pristup
VektorSloženostAutentikacija
LOCAL LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH HIGH
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Zadnje važnije ažuriranje 17-04-2026 - 15:11
Objavljeno 14-04-2026 - 16:16