CVE-2025-58693NVD

Vulnerability Summary

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.

Severity Level

MEDIUM(6.5)

Published Date

Jan 13, 2026

Last Modified

Jan 14, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityHigh

AvailabilityHigh

External References

https://fortiguard.fortinet.com/psirt/FG-IR-25-778

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-58693NVD

Vulnerability Summary

External References