Path confusion vulnerability in GUI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-25-910 Final 1 1 2025-11-14T00:00:00 Current version 2025-11-14T00:00:00 2025-11-14T00:00:00 A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.Fortinet has observed this to be exploited in the wildFortiAppSec Cloud is NOT impacted by this vulnerability. None Improper access control None FortiWeb 8.0.1 FortiWeb 8.0.0 FortiWeb 7.6.4 FortiWeb 7.6.3 FortiWeb 7.6.2 FortiWeb 7.6.1 FortiWeb 7.6.0 FortiWeb 7.4.9 FortiWeb 7.4.8 FortiWeb 7.4.7 FortiWeb 7.4.6 FortiWeb 7.4.5 FortiWeb 7.4.4 FortiWeb 7.4.3 FortiWeb 7.4.2 FortiWeb 7.4.1 FortiWeb 7.4.0 FortiWeb 7.2.11 FortiWeb 7.2.10 FortiWeb 7.2.9 FortiWeb 7.2.8 FortiWeb 7.2.7 FortiWeb 7.2.6 FortiWeb 7.2.5 FortiWeb 7.2.4 FortiWeb 7.2.3 FortiWeb 7.2.2 FortiWeb 7.2.1 FortiWeb 7.2.0 FortiWeb 7.0.11 FortiWeb 7.0.10 FortiWeb 7.0.9 FortiWeb 7.0.8 FortiWeb 7.0.7 FortiWeb 7.0.6 FortiWeb 7.0.5 FortiWeb 7.0.4 FortiWeb 7.0.3 FortiWeb 7.0.2 FortiWeb 7.0.1 FortiWeb 7.0.0 CVE-2025-64446 FortiWeb-8.0.1 FortiWeb-8.0.0 FortiWeb-7.6.4 FortiWeb-7.6.3 FortiWeb-7.6.2 FortiWeb-7.6.1 FortiWeb-7.6.0 FortiWeb-7.4.9 FortiWeb-7.4.8 FortiWeb-7.4.7 FortiWeb-7.4.6 FortiWeb-7.4.5 FortiWeb-7.4.4 FortiWeb-7.4.3 FortiWeb-7.4.2 FortiWeb-7.4.1 FortiWeb-7.4.0 FortiWeb-7.2.11 FortiWeb-7.2.10 FortiWeb-7.2.9 FortiWeb-7.2.8 FortiWeb-7.2.7 FortiWeb-7.2.6 FortiWeb-7.2.5 FortiWeb-7.2.4 FortiWeb-7.2.3 FortiWeb-7.2.2 FortiWeb-7.2.1 FortiWeb-7.2.0 FortiWeb-7.0.11 FortiWeb-7.0.10 FortiWeb-7.0.9 FortiWeb-7.0.8 FortiWeb-7.0.7 FortiWeb-7.0.6 FortiWeb-7.0.5 FortiWeb-7.0.4 FortiWeb-7.0.3 FortiWeb-7.0.2 FortiWeb-7.0.1 FortiWeb-7.0.0 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-25-910 Path confusion vulnerability in GUI Reference>