CVE-2025-25254

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Apr 8, 2025
CWE ID 22

Summary

CVE-2025-25254 is a Path Traversal vulnerability affecting FortiWeb versions 7.6.2 and below, 7.4.6 and below, 7.2 all versions, and 7.0 all versions. This issue (CWE-22) enables authenticated administrators to bypass restrictions and access or modify files on the system through crafted requests. The vulnerability can lead to significant security risks, potentially allowing unauthorized access, data theft, or system manipulation. FortiWeb users are advised to update their software to the latest version to mitigate this threat.
