PT-2025-32873 · Fortinet · Fortimanager+1
Published: 2025-08-12 · Updated: 2025-08-13
CVE-2024-52964
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiManager versions 7.6.0 through 7.6.1
Fortinet FortiManager versions 7.4.0 through 7.4.5
Fortinet FortiManager versions 7.2.0 through 7.2.9
Fortinet FortiManager versions prior to 7.0.13
Fortinet FortiManager Cloud versions 7.6.0 through 7.6.1
Fortinet FortiManager Cloud versions 7.4.0 through 7.4.5
Fortinet FortiManager Cloud versions prior to 7.2.9
Description:
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability allows an authenticated remote attacker to overwrite arbitrary files via crafted FGFM requests.
Recommendations:
Fortinet FortiManager versions 7.6.0 through 7.6.1: Update to a newer version.
Fortinet FortiManager versions 7.4.0 through 7.4.5: Update to a newer version.
Fortinet FortiManager versions 7.2.0 through 7.2.9: Update to a newer version.
Fortinet FortiManager versions prior to 7.0.13: Update to a newer version.
Fortinet FortiManager Cloud versions 7.6.0 through 7.6.1: Update to a newer version.
Fortinet FortiManager Cloud versions 7.4.0 through 7.4.5: Update to a newer version.
Fortinet FortiManager Cloud versions prior to 7.2.9: Update to a newer version.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Fortimanager
Fortimanager Cloud