Relative Path Traversal Vulnerability in FortiSOAR by Fortinet
CVE-2024-48892

4.9 MEDIUM

Key Information:

Vendor: Fortinet

Status
Vendor
CVE Published: 12 August 2025

What is CVE-2024-48892?

A relative path traversal vulnerability exists in FortiSOAR versions 7.6.0, 7.5.0 through 7.5.1, and all versions of 7.4 and 7.3. An authenticated attacker can exploit it by uploading a malicious solution pack, potentially gaining the ability to read arbitrary files on the server. The result could be unauthorized information disclosure, which makes timely updates and security measures important in mitigating the risk.

Affected Version(s)

FortiSOAR 7.6.0

FortiSOAR 7.5.0 <= 7.5.1

FortiSOAR 7.4.0 <= 7.4.5

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
