Path Traversal Vulnerabilities in FortiVoice by Fortinet
CVE-2025-60024

7.7HIGH

Key Information:

Vendor: Fortinet
Status: Fortivoice
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-60024?

Multiple improper limitations of a pathname to a restricted directory were found in Fortinet's FortiVoice, specifically affecting versions 7.0.0 through 7.2.2. These vulnerabilities could enable an authenticated attacker, with sufficient privileges, to write arbitrary files on the system through crafted HTTP or HTTPS commands. This could potentially lead to further exploitation and unauthorized access, allowing attackers to manipulate system configurations or access sensitive data.

Affected Version(s)

FortiVoice 7.2.0 <= 7.2.2

FortiVoice 7.0.0 <= 7.0.7

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-812

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Sep 25, 2025

JSON