Improper Resolution of Path Equivalence

CVE-2025-24470

High

8.6/10

Summary

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-41 - Improper Resolution of Path Equivalence

The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

References

Advisory Timeline

Published Feb 11, 2025

Improper Resolution of Path Equivalence

CVE-2025-24470

Summary

CWE-41 - Improper Resolution of Path Equivalence

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS