A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
Fixes

Solution

Please upgrade to FortiSOAR version 7.6.1 or above Please upgrade to FortiSOAR version 7.5.2 or above


Workaround

No workaround given by the vendor.

History

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Description A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
First Time appeared Fortinet
Fortinet fortisoar
Weaknesses CWE-23
CPEs cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortisoar
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:X/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2025-08-13T20:13:21.451Z

Reserved: 2024-10-09T09:03:09.962Z

Link: CVE-2024-48892

cve-icon Vulnrichment

Updated: 2025-08-13T19:54:22.390Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-12T19:15:27.567

Modified: 2025-08-14T01:14:06.720

Link: CVE-2024-48892

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.