HIGH🇵🇱 Wersja polska

CVE-2025-24470

CVSS 8.6v3.1pub. 2025-02-11upd. 2025-07-22

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • Fortinet Fortiportal

    APP
    Fortinet
    7.0.0 – 7.0.12 (bez)7.2.0 – 7.2.7 (bez)7.4.0 – 7.4.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-32588CRITICAL9.8ten sam produkt

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and bel...

CVE-2021-32590CRITICAL9.9ten sam produkt

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0...

CVE-2017-7342CRITICAL9.8ten sam produkt

A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an atta...

CVE-2017-7337CRITICAL9.1ten sam produkt

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker t...

CVE-2021-32589HIGH8.1ten sam produkt

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7...