Skip to main content

Fortivoice CVE-2025-58693

MEDIUM
Path Traversal (CWE-22)
2026-01-13 psirt@fortinet.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 17:15 nvd
MEDIUM 6.5

DescriptionCVE.org

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.

AnalysisAI

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. [CVSS 6.5 MEDIUM]

Technical ContextAI

Classified as CWE-22 (Path Traversal). Affects Fortivoice. An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.

RemediationAI

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

CVE-2024-48884 CRITICAL
9.1 Jan 14

Arbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traver

CVE-2020-9294 CRITICAL POC
9.8 Apr 27

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 an

CVE-2024-48885 CRITICAL
9.1 Jan 16

Privilege escalation via path traversal affects multiple Fortinet appliances - FortiWeb (6.4, 7.0, 7.2, 7.4.0-7.4.4, 7.6

CVE-2023-37931 HIGH
8.8 Jan 14

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiV

CVE-2024-26013 HIGH
7.5 Apr 08

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS versio

CVE-2021-42757 MEDIUM
6.7 Dec 08

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allo

CVE-2023-37932 MEDIUM
6.5 Jan 10

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEn

CVE-2021-24008 MEDIUM
5.3 Mar 28

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS versi

CVE-2022-23439 MEDIUM
4.7 Jan 22

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison we

CVE-2025-55717 MEDIUM
4.0 Mar 10

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7

CVE-2024-50565 LOW
3.1 Apr 08

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS versio

CVE-2025-58692 HIGH
8.8 Nov 18

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerabi

Share

CVE-2025-58693 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy