CVE-2025-24470
HIGH EPSS 65.1%
Published Feb 11, 20251y ago · Modified Jun 17, 20262w ago
8.6 CVSS 3.1
Published Feb 11, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
65.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-41
Affected Products 3
References 1
- fortiguard.fortinet.com https://fortiguard.fortinet.com/psirt/FG-IR-25-015
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.