Relative Path Traversal Vulnerability in Fortinet's FortiWeb Product
CVE-2025-53609

4.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiweb
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-53609?

A vulnerability present in FortiWeb allows an authenticated attacker to exploit Relative Path Traversal. By crafting specific requests, attackers could gain unauthorized access to files on the underlying system. This exposure may lead to sensitive data breaches, necessitating immediate attention and remediation to safeguard Fortinet users.

Affected Version(s)

FortiWeb 7.6.0 <= 7.6.4

FortiWeb 7.4.0 <= 7.4.8

FortiWeb 7.2.0 <= 7.2.11

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-512

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Jul 7, 2025