CVE-2025-53609 MEDIUM

CVE-2025-53609

Vendor Fortinet

Product FortiWeb

Weakness CWE-23

Published September 9, 2025

Last update January 14, 2026

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

What the vulnerability does

01Description

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

Key dates

02Disclosure timeline

September 9, 2025 CVE published

January 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53609 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

Identifiers

CVE CVE-2025-53609

CWE CWE-23

CVSS 4.7 / MEDIUM

Affected versions

Vendor Fortinet

Product FortiWeb

Affected ≥ 7.6.0 and ≤ 7.6.4

Vendor Fortinet

Product FortiWeb

Affected ≥ 7.4.0 and ≤ 7.4.8

Vendor Fortinet

Product FortiWeb

Affected ≥ 7.2.0 and ≤ 7.2.11

Vendor Fortinet

Product FortiWeb

Affected ≥ 7.0.2 and ≤ 7.0.12

CVE-2025-53609

01Description

02Disclosure timeline

03References

04Related CVE