CVE-2025-53609

{"id": "CVE-2025-53609", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-09-09T14:15:46.363", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-512", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests."}], "lastModified": "2025-09-10T15:14:32.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8D3130A-BFAC-4C36-9F11-C90B919BD744", "versionEndExcluding": "7.2.12", "versionStartIncluding": "7.0.2"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDB2FF56-D1ED-4EB5-B4D8-8FEDE1A521C8", "versionEndExcluding": "7.4.9", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D358CE92-A30D-4058-8D12-00376E4B9074", "versionEndExcluding": "7.6.5", "versionStartIncluding": "7.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}