Path Traversal Vulnerability in Fortinet FortiManager
CVE-2024-52964
6.5 MEDIUM
What is CVE-2024-52964?
An improper limitation of a pathname to a restricted directory (path traversal) vulnerability in Fortinet FortiManager can allow authenticated remote attackers to overwrite arbitrary files. This issue affects multiple versions of FortiManager and FortiManager Cloud, which could expose sensitive data and severely compromise system integrity. Attackers may exploit this flaw through crafted FGFM requests, leading to unauthorized access and manipulation of files.
Affected Version(s)
FortiManager 7.6.0 <= 7.6.1
FortiManager 7.4.0 <= 7.4.5
FortiManager 7.2.0 <= 7.2.9
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved