What is CVE-2025-22859?

CVE-2025-22859 is a medium-severity vulnerability in Fortinet Forticlientems, classified under Relative Path Traversal. CVSS score: 5.0/10. Published 2025-05-13.

How severe is CVE-2025-22859?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Path Traversal in Fortinet Forticlientems

CVE-2025-22859

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upl…

EPSS: 0.003 (55.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C.

Affected products

Fortinet Forticlientems — versions 7.4.0

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-552

Frequently asked questions

What is CVE-2025-22859?: CVE-2025-22859 is a medium-severity vulnerability in Fortinet Forticlientems, classified under Relative Path Traversal. CVSS score: 5.0/10. Published 2025-05-13.
How severe is CVE-2025-22859?: Medium severity. CVSS v3 base score is 5.0 out of 10.