Fortinet FortiWeb up to 7.0.11/7.2.11/7.4.6/7.6.2 path traversal

Summaryinfo

A vulnerability, which was classified as critical, was found in Fortinet FortiWeb up to 7.0.11/7.2.11/7.4.6/7.6.2. This affects an unknown part. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2025-25254. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability has been found in Fortinet FortiWeb up to 7.0.11/7.2.11/7.4.6/7.6.2 and classified as critical. This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.

The advisory is shared for download at fortiguard.fortinet.com. This vulnerability was named CVE-2025-25254 since 02/05/2025. The exploitation appears to be easy. The attack can be initiated remotely. Additional levels of successful authentication are needed for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1006.

The vulnerability scanner Nessus provides a plugin with the ID 234005 (Fortinet FortiWeb Directory Traversal (FG-IR-24-474)), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (234005). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Fortinet

Name

• FortiWeb

Version

• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.7
• 7.0.8
• 7.0.9
• 7.0.10
• 7.0.11
• 7.2.0
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.4
• 7.2.5
• 7.2.6
• 7.2.7
• 7.2.8
• 7.2.9
• 7.2.10
• 7.2.11
• 7.4.0
• 7.4.1
• 7.4.2
• 7.4.3
• 7.4.4
• 7.4.5
• 7.4.6
• 7.6.0
• 7.6.1
• 7.6.2

License

• commercial

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion