CVE-2025-60024 is a path traversal vulnerability affecting Fortinet FortiVoice versions 7.0.0 through 7.0.7 and 7.2.0 through 7.2.2. The flaw stems from improper limitation of pathname inputs, classified under CWE-22, which allows an attacker with privileged authentication to craft HTTP or HTTPS requests that write arbitrary files to the device’s filesystem. This arbitrary file write capability can be leveraged to escalate privileges, modify system configurations, implant persistent malware, or disrupt telephony services. The vulnerability requires the attacker to have some level of authenticated access with elevated privileges, but no user interaction is needed beyond that. The CVSS v3.1 score of 7.7 reflects a high severity, with network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability. The vulnerability affects core telephony infrastructure devices used in enterprise and service provider environments, making it a critical concern for organizations relying on FortiVoice for voice communications. Although no public exploits have been reported yet, the potential for impactful exploitation is high given the nature of the vulnerability and the critical role of affected devices.

The exploitation of CVE-2025-60024 can lead to severe consequences for organizations globally. Attackers who gain privileged authenticated access can write arbitrary files, potentially leading to full system compromise, including unauthorized access to sensitive voice communications, disruption of telephony services, and persistent backdoors. This can result in loss of confidentiality of communications, integrity violations through configuration or firmware tampering, and availability issues causing denial of service. Enterprises relying on FortiVoice for internal or customer-facing voice services may face operational disruptions, reputational damage, and regulatory compliance issues. Service providers using FortiVoice in their infrastructure could see widespread service outages or interception of communications. The vulnerability’s network accessibility and high impact make it a significant risk, especially in environments where privileged credentials may be exposed or weakly protected.

Organizations should immediately review and restrict privileged access to FortiVoice management interfaces, ensuring only trusted personnel have elevated credentials. Network segmentation should be employed to isolate FortiVoice devices from untrusted networks and limit exposure to potential attackers. Fortinet should be monitored for official patches or firmware updates addressing CVE-2025-60024, and these should be applied promptly once available. In the interim, implement strict logging and monitoring of HTTP/HTTPS requests to FortiVoice devices to detect suspicious path traversal attempts. Employ multi-factor authentication (MFA) for all administrative access to reduce the risk of credential compromise. Conduct regular audits of FortiVoice configurations and file system integrity to detect unauthorized changes. If possible, deploy web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to block path traversal patterns targeting FortiVoice. Finally, educate administrators on the risks of this vulnerability and the importance of credential hygiene.