CVE-2025-61624

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.6.0 through 7.6.4 FortiOS versions 7.4.0 through 7.4.9 FortiOS version 7.2 FortiOS version 7.0 FortiOS version 6.4 FortiPAM version 1.7.0 FortiPAM version 1.6 FortiPAM version 1.5 FortiPAM version 1.4 FortiPAM version 1.3 FortiPAM version 1.2 FortiPAM version 1.1 FortiPAM version 1.0 FortiProxy versions 7.6.0 through 7.6.4 FortiProxy versions 7.4.0 through 7.4.11 FortiProxy version 7.2 FortiProxy version 7.0 FortiSwitchManager versions 7.2.0 through 7.2.7 FortiSwitchManager versions 7.0.0 through 7.0.6

Description An improper limitation of a pathname to a restricted directory, known as path traversal, allows an authenticated attacker with an admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.