Vulnerability Details CVE-2025-54659
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.5%
CVSS Severity
CVSS v3 Score 5.8
Products affected by CVE-2025-54659
-
cpe:2.3:a:fortinet:fortisoar_agent_communication_bridge:1.0
-
cpe:2.3:a:fortinet:fortisoar_agent_communication_bridge:1.1