Home

Description

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

PUBLISHED Reserved 2025-07-07 | Published 2025-09-09 | Updated 2025-09-09 | Assigner fortinet




MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

Problem types

Information disclosure

Product status

Default status
unaffected

7.6.0 (semver)
affected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

7.0.2 (semver)
affected

References

fortiguard.fortinet.com/psirt/FG-IR-25-512

cve.org (CVE-2025-53609)

nvd.nist.gov (CVE-2025-53609)

Download JSON