CVE-2025-24470
Published: 11 February 2025
Summary
CVE-2025-24470 is a high-severity Improper Resolution of Path Equivalence (CWE-41) vulnerability in Fortinet Fortiportal. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-24470 by requiring timely remediation of the specific path equivalence flaw through patching as advised in the vendor bulletin.
Requires validation and sanitization of HTTP request paths to prevent improper resolution of path equivalences leading to source code disclosure.
Implements boundary protections such as web application firewalls to monitor and block crafted HTTP requests exploiting path traversal on publicly accessible FortiPortal instances.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in the public-facing FortiPortal web application directly enables remote unauthenticated exploitation for initial access (T1190) and retrieval of source code as data from the local system (T1005).
NVD Description
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.
Deeper analysisAI
CVE-2025-24470 is an Improper Resolution of Path Equivalence vulnerability (CWE-41) in FortiPortal versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, and 7.0.0 through 7.0.11. This issue enables a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), reflecting its high severity stemming from network-based access, low attack complexity, no required privileges or user interaction, changed scope, and high confidentiality impact.
A remote unauthenticated attacker can exploit CVE-2025-24470 by sending specially crafted HTTP requests to an affected FortiPortal instance accessible over the network. Successful exploitation allows the attacker to retrieve source code, potentially disclosing sensitive application logic, configurations, or other proprietary information without impacting integrity or availability.
Mitigation details are provided in the Fortinet PSIRT advisory FG-IR-25-015, available at https://fortiguard.fortinet.com/psirt/FG-IR-25-015. Security practitioners should consult this reference for patch information and recommended remediation steps.
Details
- CWE(s)