CVE-2025-53609

CVE Database · CVE-2025-53609

CVE-2025-53609

· MEDIUMAnalyzed

CVSS v3.1

4.9

EPSS

8.37%

Published

Sep 9, 2025

Modified

Sep 10, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-23

Affected Products (3)

fortinet · fortiweb (up to 7.2.12)vulnerable

fortinet · fortiweb (up to 7.4.9)vulnerable

fortinet · fortiweb (up to 7.6.5)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-512

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs