Path Traversal in agent leads to Privilege Escalation

Summary

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in the FortiDLP Agent's Outlookproxy plugin for Windows and macOS may allow an authenticated attacker to escalate their privileges to LocalService or root by sending a crafted request to a local listening port.

Version         Affected              Solution
FortiDLP 12.1   Not affected          Not Applicable
FortiDLP 12.0   Not affected          Not Applicable
FortiDLP 11.5   11.5 all versions     Migrate to a fixed release
FortiDLP 11.4   11.4 all versions     Migrate to a fixed release
FortiDLP 11.3   11.3 all versions     Migrate to a fixed release
FortiDLP 11.2   11.2 all versions     Migrate to a fixed release
FortiDLP 11.1   11.1 all versions     Migrate to a fixed release
FortiDLP 11.0   11.0 all versions     Migrate to a fixed release
FortiDLP 10.5   10.5 all versions     Migrate to a fixed release
FortiDLP 10.4   10.4 all versions     Migrate to a fixed release
FortiDLP 10.3   10.3 all versions     Migrate to a fixed release
FortiDLP 6.0    Not affected          Not Applicable

Acknowledgement

Internally discovered and reported by developers of the FortiDLP team.

Timeline

2025-10-14: Initial publication