CVE-2025-53609
Medium
Published: 09 September 2025
Modified: 10 September 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2025-53609 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Fortinet FortiWeb. Its CVSS base score is 4.9 (Medium).
Operationally, it ranks at the 33.4th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-27259
Vulnerability details
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.
- CWE(s): CWE-23
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- fortinet / fortiweb: 7.0.2 — 7.2.12 · 7.4.0 — 7.4.9 · 7.6.0 — 7.6.5
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.