What is CVE-2025-61624?

CVE-2025-61624 is a medium-severity vulnerability in Fortinet Fortios, classified under Path Traversal. CVSS score: 6.0/10. Published 2026-04-14.

How severe is CVE-2025-61624?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Path Traversal in Fortinet Fortios

CVE-2025-61624

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (26.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H.

Affected products

Fortinet Fortios — versions 7.6.0, 7.4.0, 7.2.0
Fortinet Fortipam — versions 1.7.0, 1.6.0, 1.5.0
Fortinet Fortiproxy — versions 7.6.0, 7.4.0, 7.2.0
Fortinet Fortiswitchmanager — versions 7.2.0, 7.0.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

psirt@fortinet.com (Vendor Advisory)
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Frequently asked questions

What is CVE-2025-61624?: CVE-2025-61624 is a medium-severity vulnerability in Fortinet Fortios, classified under Path Traversal. CVSS score: 6.0/10. Published 2026-04-14.
How severe is CVE-2025-61624?: Medium severity. CVSS v3 base score is 6.0 out of 10.