CVE-2025-54659

Name of the Vulnerable Software and Affected Versions Fortinet FortiSOAR Agent Communication Bridge versions 1.0 all versions and 1.1.0

Description An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue exists. This allows an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed. This is achieved by sending a crafted request to the agent port. The issue is identified as CWE-22.

Recommendations Update FortiSOAR Agent Communication Bridge version 1.0 all versions to a newer, fixed version. Update FortiSOAR Agent Communication Bridge version 1.1.0 to a newer, fixed version.