Primary

Context

Fortinet FortiManager and FortiManager Cloud Path Traversal Vulnerability Allowing Arbitrary File Overwrite

Vulnerability

Patched

A path traversal vulnerability has been identified in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, and below 7.0.13, as well as FortiManager Cloud versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, and 7.2.1 through 7.2.9. This vulnerability allows an authenticated remote attacker to overwrite arbitrary files by sending crafted FGFM requests.

Impact

Exploitation of this vulnerability allows for arbitrary file overwriting on the affected system.

Remediation

Users can upgrade Fortinet FortiManager to version 7.6.2 or above, 7.4.6 or above, 7.2.10 or above, or 7.0.14 or above, depending on their current version. Fortinet FortiManager Cloud users should upgrade to version 7.4.6 or above, 7.2.10 or above, or migrate to a fixed release, depending on their current version.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiManager and FortiManager Cloud Path Traversal Vulnerability Allowing Arbitrary File Overwrite

Vulnerability

Impact

Remediation

Affected Products

Fortinet FortiManager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating