CVE-2024-52964 MEDIUM

Vendor Fortinet
Product FortiManager
Weakness CWE-22 · Path traversal
Published August 12, 2025
Last update August 13, 2025

CVSS base score

5.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:X/RC:C

What the vulnerability does

01 Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13, and in FortiManager Cloud versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9, allows an authenticated remote attacker to overwrite arbitrary files via crafted FGFM requests.

Key dates

02 Disclosure timeline

August 12, 2025 CVE published
August 13, 2025 Record updated