High

Arbitrary File Write via Path Traversal in Fortinet FortiVoice

IdentifiersCVE-2025-60024CWE-22· Improper Limitation of a Pathname…

CVE-2025-60024 is a high-severity path traversal vulnerability in Fortinet FortiVoice affecting versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7. The flaw is described as multiple improper limitations of a pathname to a restricted directory, allowing a privileged authenticated attacker to send crafted HTTP or HTTPS commands that traverse intended directory boundaries and write arbitrary files on the target system. Based on the available information, the issue is remotely exploitable over the network and stems from insufficient restriction of file paths used by the affected HTTP/HTTPS-exposed functionality.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an authenticated attacker with privileges to write arbitrary files on the FortiVoice system. Given the CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the impact can include compromise of confidentiality, integrity, and availability. Arbitrary file write may enable configuration tampering, planting of malicious files, service disruption, unauthorized modification of application or system data, and potentially follow-on compromise depending on what paths and files are writable in the deployment.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict access to the vulnerable HTTP/HTTPS management or command interfaces as much as operationally feasible. Limit exposure to trusted administrative networks only, reduce the number of accounts with the required privileges, and monitor for suspicious file-write activity or unexpected changes on the appliance until patches can be applied.

Remediation

Patch, then assume compromise.

Upgrade Fortinet FortiVoice to a fixed release beyond 7.2.2 for the 7.2 branch or beyond 7.0.7 for the 7.0 branch, and apply the security updates provided by Fortinet. Follow Fortinet advisory FG-IR-25-812 for vendor-specific patch guidance and validated fixed-version information.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

FortinetFortivoiceapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cvefeed high severityNews

Dec 9, 2025

CVE-2025-60024 - Fortinet FortiVoice Path Traversal

A path traversal vulnerability in Fortinet FortiVoice that allows a privileged authenticated attacker to write arbitrary files via crafted HTTP/HTTPS commands.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4