What is CVE-2025-61624?

A medium-severity path traversal vulnerability exists in Fortinet FortiOS and related products, affecting multiple versions. Organizations are urged to prioritize patching to mitigate potential risks.

What is the severity of CVE-2025-61624?

CVE-2025-61624 has a severity rating of MEDIUM with a CVSS base score of 6.

CVE-2025-61624 | Medium Vulnerability in Fortinet FortiOS

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability exists in Fortinet FortiOS, impacting versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, and several others across FortiPAM, FortiProxy, and FortiSwitchManager. This vulnerability allows authenticated attackers with admin profiles and read-write permissions to write or delete arbitrary files using specific CLI commands.

The severity of this vulnerability is classified as medium, with a CVSS score of 6.5, indicating a notable risk that should not be overlooked. Organizations utilizing affected versions could face serious operational disruptions if exploited.

Given the nature of the vulnerability, organizations should prioritize patching immediately. Adequate measures must be taken to close the security gap and safeguard sensitive information from potential unauthorized access.

Currently, no public exploits or proof-of-concept (PoC) code has been confirmed for this vulnerability, but the nature of the issue allows for a local attack vector, which increases the urgency for remediation.

Vulnerability Details

The identified vulnerability in Fortinet FortiOS is characterized as a path traversal issue, classified under CWE-22. This vulnerability impacts several product versions, including FortiOS 7.6.0 to 7.6.4, FortiOS 7.4.0 to 7.4.9, and various versions of FortiPAM and FortiProxy. The CVSS score of 6.5 reinforces the need for immediate attention, as it indicates potential for significant integrity and availability impact.

Technical Analysis

The root cause of this vulnerability lies in the inadequate validation of user input within the CLI commands, allowing for traversal outside of the intended directories. Attackers with high privileges can exploit this weakness through a local attack vector, which requires low complexity and no user interaction, leading to high integrity and availability impacts.

Risk & Impact Analysis

Risk to organizations includes unauthorized file manipulation, which could lead to data loss, system corruption, or further exploitation. The blast radius extends to all versions of Fortinet products specified, thus emphasizing the need for an immediate patching strategy. The medium severity level and current exploitability status highlight the importance of addressing this vulnerability in the next patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects multiple versions of Fortinet products, including FortiOS versions 6.4.0 to 7.4.9 and 7.6.0 to 7.6.4, FortiPAM versions 1.0.0 to 1.6, FortiProxy versions 7.0.0 to 7.4.11 and 7.6.0 to 7.6.4, and FortiSwitchManager versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.7. Organizations using these versions should ensure they have applied the latest security patches.

Mitigation & Remediation

Fortinet has released patches for the affected versions. Organizations should review the specific updates available for FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager, and apply these updates as part of their regular security maintenance. Further, implementing strict access controls and monitoring CLI command usage can help mitigate the risk of this vulnerability being exploited.

For more information on security testing and best practices, organizations can explore penetration testing services to validate their security posture.

Detection Guidance

Organizations should monitor logs for unusual CLI command usage and file system changes. Implementing alerting for unauthorized access attempts and reviewing user permissions regularly can help detect potential exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-61624 lies in its demonstration of the risks associated with path traversal vulnerabilities. Organizations must recognize the critical need for secure coding practices and robust validation mechanisms to prevent similar vulnerabilities in the future. Security teams should prioritize vulnerability assessments and implement comprehensive security testing methodologies to ensure their systems are resilient against such risks.

For further resources on vulnerability management and best practices, organizations can refer to the following articles: vulnerability management program design, penetration testing methodology, and API security testing to enhance overall security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-61624: Medium Vulnerability in Fortinet FortiOS