
CVE-2025-60024: Escalation of privilege in Fortinet FortiVoice

Severity: High
Type: Vulnerability
Published: Tue Dec 09 2025 (12/09/2025, 17:18:44 UTC)
Source: CVE Database V5
Vendor/Project: Fortinet
Product: FortiVoice

Description

Multiple Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] in Fortinet FortiVoice 7.2.0 through 7.2.2 and FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specially crafted HTTP or HTTPS commands.

AI-Powered Analysis

AI analysis last updated: 01/14/2026, 15:04:06 UTC

Technical Analysis

CVE-2025-60024 is a path traversal vulnerability (improper limitation of a pathname to a restricted directory, CWE-22) affecting Fortinet FortiVoice versions 7.0.0 through 7.0.7 and 7.2.0 through 7.2.2. A privileged authenticated attacker can send crafted HTTP or HTTPS requests whose file path parameters are not sufficiently validated, so the path can traverse outside the intended directory and the attacker can write arbitrary files on the underlying system. Arbitrary file write can lead to escalation of privilege: modifying system files, implanting malicious code, or disrupting normal operation. Authentication is required, but no user interaction is needed and the attack can be carried out remotely over the network. The CVSS v3.1 base score of 7.7 (high) reflects a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No exploits are currently known in the wild, but FortiVoice is a telephony platform widely deployed in enterprise and service provider environments, so a compromise can disrupt voice communications, expose sensitive data, and undermine system integrity and availability, making this vulnerability a critical concern for organizations that rely on FortiVoice for voice communications.

Potential Impact

For European organizations, the impact of CVE-2025-60024 can be substantial. FortiVoice is often integrated into corporate telephony infrastructure, and exploitation could lead to unauthorized modification or replacement of critical system files, resulting in service disruption or interception of voice communications. This can compromise confidentiality of sensitive conversations, integrity of telephony services, and availability of communication channels. Disruption of voice services can affect business operations, customer support, and emergency communications. Additionally, attackers gaining elevated privileges could pivot to other internal systems, increasing the risk of broader network compromise. The impact is particularly severe for sectors relying heavily on secure and reliable telephony, such as finance, healthcare, government, and critical infrastructure. Given the high CVSS score and the nature of the vulnerability, organizations face risks of data breaches, operational downtime, and reputational damage. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the potential for rapid weaponization exists due to the straightforward exploitation method.

Mitigation Recommendations

1. Apply patches or updates from Fortinet as soon as they are released addressing CVE-2025-60024. Monitor Fortinet advisories closely for patch availability.
2. Restrict administrative access to FortiVoice management interfaces to trusted networks and IP addresses using network segmentation and firewall rules.
3. Enforce strong authentication mechanisms and regularly review user privileges to minimize the number of accounts with elevated rights.
4. Implement web application firewalls (WAF) or intrusion prevention systems (IPS) to detect and block suspicious HTTP/HTTPS requests that may attempt path traversal attacks.
5. Monitor FortiVoice logs and network traffic for unusual file write operations or anomalous HTTP/HTTPS activity targeting the telephony system.
6. Conduct regular security assessments and penetration tests focusing on telephony infrastructure to identify and remediate weaknesses.
7. Develop incident response plans specific to telephony system compromise to ensure rapid containment and recovery.
8. Educate IT and security teams about this vulnerability and the importance of timely patching and monitoring.

These steps go beyond generic advice by focusing on access control, monitoring, and incident preparedness tailored to FortiVoice environments.
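The root cause described in the technical analysis (a pathname taken from an authenticated HTTP request and used without confining it to its intended directory) and mitigation step 5 (watching logs for traversal attempts) can both be illustrated generically. The following Python is an added example, not FortiVoice code and not derived from Fortinet's fix: `resolve_within` shows the CWE-22 check a file-write handler should perform, and `find_traversal_attempts` scans web access log lines for `..` segments, including percent- and double-percent-encoded forms, in both the path and query parameters. The directory names, endpoint names and log lines are constructed for illustration.

```python
import os
import re
from urllib.parse import parse_qsl, unquote, urlsplit


def resolve_within(base_dir: str, user_path: str):
    """Canonicalize base_dir/user_path and return it only if it stays inside base_dir.

    Returns None when the resolved path escapes the base directory, which is the
    CWE-22 condition: '..' segments, an absolute user_path (os.path.join discards
    base_dir in that case) and symlinks are all handled by resolving first and
    comparing afterwards.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath avoids the classic startswith pitfall where '/srv/uploads2'
    # would pass a prefix test against '/srv/uploads'.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# A '..' path segment: preceded by start-of-string or a separator, followed by
# a separator or end-of-string (so 'logo..png' is not flagged).
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def has_traversal(component: str) -> bool:
    """Percent-decode twice (to catch double-encoded input) and look for a '..' segment."""
    decoded = component
    for _ in range(2):
        decoded = unquote(decoded)
    return bool(TRAVERSAL_RE.search(decoded))


# Common Log Format fields that the detector needs: client IP, user, method, target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_traversal_attempts(log_lines):
    """Return (ip, user, method, target) for each request whose path or any
    query-string value contains a traversal segment."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        parsed = urlsplit(target)
        # parse_qsl already percent-decodes values once; has_traversal decodes again.
        parts = [parsed.path] + [v for _, v in parse_qsl(parsed.query, keep_blank_values=True)]
        if any(has_traversal(p) for p in parts):
            hits.append((m.group("ip"), m.group("user"), m.group("method"), target))
    return hits


# Constructed sample access log: one benign upload, one traversal via a query
# parameter, one double-encoded traversal in the path, and one benign filename
# that merely contains two dots.
SAMPLE_LOG = [
    '10.0.0.5 - admin [09/Dec/2025:17:20:01 +0000] "POST /api/upload?file=greeting.wav HTTP/1.1" 200 512',
    '10.0.0.9 - admin [09/Dec/2025:17:21:13 +0000] "POST /api/upload?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 48',
    '10.0.0.9 - admin [09/Dec/2025:17:21:40 +0000] "PUT /api/files/%252e%252e/%252e%252e/tmp/x HTTP/1.1" 403 0',
    '10.0.0.7 - alice [09/Dec/2025:17:22:05 +0000] "GET /static/img/logo..png HTTP/1.1" 200 1024',
]


if __name__ == "__main__":
    # Hypothetical upload directory used only to exercise resolve_within.
    base = "/srv/fortivoice/uploads"
    for requested in ("voicemail/msg1.wav", "../../../etc/passwd", "/etc/passwd"):
        print(f"{requested!r:28} -> {resolve_within(base, requested)}")
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The resolve-then-compare order matters: checking the raw string for `..` before joining misses encoded and symlink cases, whereas `realpath` followed by `commonpath` judges the path the operating system would actually open. On the detection side, decoding twice is what catches the `%252e%252e` form that a single decode pass would leave looking harmless.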


Technical Details

Data Version: 5.2
Assigner Short Name: fortinet
Date Reserved: 2025-09-25T07:32:39.417Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69385e4e74ebaa3baba142ac

Added to database: 12/9/2025, 5:37:18 PM

Last enriched: 1/14/2026, 3:04:06 PM

Last updated: 2/7/2026, 12:28:55 PM

Views: 56

