CVE-2024-48892

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

Published: Aug 12, 2025
Updated: Aug 15, 2025
CVE: CVE-2024-48892
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-23

Affected Software
References

Software	From	Fixed in
fortinet / fortisoar	7.3.0	7.5.2
fortinet / fortisoar	7.6.0	7.6.0.x

https://fortiguard.fortinet.com/psirt/FG-IR-24-421

Vulnerability Database

CVE-2024-48892