Sign-up

ID

VAR-202512-4271


CVE

CVE-2025-60024


DESCRIPTION

Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or HTTPS commands

Trust: 1.0

sources: NVD: CVE-2025-60024

AFFECTED PRODUCTS

vendor:fortinetmodel:fortivoicescope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:ltversion:7.2.3

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:ltversion:7.0.8

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:gteversion:7.2.0

Trust: 1.0

sources: NVD: CVE-2025-60024

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-60024
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2025-60024
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-60024

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

sources: NVD: CVE-2025-60024

EXTERNAL IDS

db:NVDid:CVE-2025-60024

Trust: 1.0

sources: NVD: CVE-2025-60024

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-812

Trust: 1.0

sources: NVD: CVE-2025-60024

SOURCES

db:NVDid:CVE-2025-60024

LAST UPDATE DATE

2026-01-15T23:38:07.685000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-60024date:2025-12-09T20:25:36.103

SOURCES RELEASE DATE

db:NVDid:CVE-2025-60024date:2025-12-09T18:15:55.820