Path Traversal Vulnerability in Fortinet FortiOS and FortiPAM Products
CVE-2025-61624

5.4 MEDIUM

Key Information:

Vendor: Fortinet

CVE Published: 14 April 2026

What is CVE-2025-61624?

A path traversal vulnerability in Fortinet's FortiOS and FortiPAM can allow an authenticated attacker with sufficient permissions to execute arbitrary file operations. By exploiting specific CLI commands, an attacker could potentially write or delete files, posing a significant risk to system integrity and confidentiality. This vulnerability impacts multiple versions of FortiOS and FortiPAM, emphasizing the need for immediate remediation to protect critical infrastructure.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.4

FortiOS 7.4.0 <= 7.4.9

FortiOS 7.2.0 <= 7.2.13

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
