CVE-2025-61624
Description
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
Affected products
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* range: >=7.0.0,<7.4.12
- (no CPE) range: 7.6.0 through 7.6.4, 7.4.0 through 7.4.11, 7.2 all versions, 7.0 all versions
cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:* range: >=7.0.0,<7.0.7
- (no CPE) range: 7.2.0 through 7.2.7, 7.0.0 through 7.0.6
News mentions
- Critical Fortinet FortiSandbox flaws now exploited in attacks, BleepingComputer · Jun 16, 2026