CVE-2025-58693

6.5 MEDIUM

📋 TL;DR

This path traversal vulnerability in Fortinet FortiVoice allows privileged attackers to delete arbitrary files from the underlying filesystem via crafted HTTP/HTTPS requests. Affected systems include FortiVoice versions 7.2.0-7.2.2 and 7.0.0-7.0.7. Attackers with administrative access can exploit this to delete critical system files.

💻 Affected Systems

Products:
  • Fortinet FortiVoice
Versions: 7.2.0 through 7.2.2, 7.0.0 through 7.0.7
Operating Systems: FortiOS-based appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged attacker access; not exploitable by unauthenticated users.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via deletion of critical OS files, leading to system instability, data loss, or denial of service.

🟠 Likely Case: Targeted deletion of configuration files, logs, or application data, causing service disruption and potential data loss.

🟢 If Mitigated: Limited impact if proper access controls and monitoring are in place, with attackers only able to delete non-critical files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated privileged access; path traversal vulnerabilities are typically straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiVoice 7.2.3 and 7.0.8 or later

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-778

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download and install FortiVoice 7.2.3 or 7.0.8 from the Fortinet support portal.
3. Apply the configuration backup.
4. Reboot the system to complete the installation.

🔧 Temporary Workarounds

Restrict Administrative Access (applies to: all)

Limit administrative access to trusted IP addresses and users only. Configure firewall rules to restrict administrative interface access to specific IP ranges.

Implement Web Application Firewall (applies to: all)

Deploy a WAF with path traversal protection rules. Configure WAF rules to block requests containing '../' sequences and other traversal patterns.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FortiVoice systems from untrusted networks.
  • Enable detailed logging and monitoring for file deletion events and unusual administrative activity.

🔍 How to Verify

Check if Vulnerable:

Check the FortiVoice version via the web interface (System > Dashboard > System Information) or via the CLI command: get system status

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify that the version is 7.2.3 or later (7.2 branch) or 7.0.8 or later (7.0 branch), using the same methods as above.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in system logs
  • Multiple failed file access attempts with traversal patterns
  • Administrative user performing unexpected file operations

Network Indicators:

  • HTTP/HTTPS requests containing '../' or similar traversal sequences
  • Unusual administrative traffic patterns

SIEM Query:

source="fortivoice" AND (event_type="file_delete" OR uri="*../*")
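As an added example that is not part of this advisory, the Python below applies the two checks described on this page: it decides whether a version string (as printed by `get system status`) falls inside the affected ranges, and it flags log lines whose URI carries a traversal sequence, percent-decoding a bounded number of times so encoded forms of '../' are not missed by a plain `*../*` match. The key=value log format and the version string are constructed samples, not real FortiVoice output.

```python
import re
from urllib.parse import unquote

# Affected ranges from the advisory: 7.2.0-7.2.2 and 7.0.0-7.0.7 (fixed in 7.2.3 / 7.0.8).
AFFECTED_PATCH_LEVELS = {(7, 2): range(0, 3), (7, 0): range(0, 8)}

def parse_version(text):
    """Extract (major, minor, patch) from text such as the Version line of `get system status`."""
    m = re.search(r"\bv?(\d+)\.(\d+)\.(\d+)\b", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text):
    """True when the version falls inside one of the affected ranges above."""
    v = parse_version(version_text)
    return v is not None and v[2] in AFFECTED_PATCH_LEVELS.get((v[0], v[1]), ())

# '../' or '..\' anywhere in the (decoded) URI is treated as a traversal indicator.
TRAVERSAL = re.compile(r"\.\.[\\/]")

def has_traversal(uri, max_decodes=2):
    """Check the raw URI, then up to max_decodes percent-decoded forms of it,
    so '%2e%2e%2f' (single) and '%252e%252e%252f' (double encoding) are also caught."""
    current = uri
    for _ in range(max_decodes + 1):
        if TRAVERSAL.search(current):
            return True
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            break
        current = decoded
    return False

def suspicious_lines(lines):
    """Return the log lines whose uri= field contains a traversal sequence."""
    hits = []
    for line in lines:
        m = re.search(r"uri=(\S+)", line)
        if m and has_traversal(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample log lines (key=value format assumed; not real FortiVoice logs).
SAMPLE_LOGS = [
    "user=admin method=POST uri=/api/files/delete?name=report.csv status=200",
    "user=admin method=POST uri=/api/files/delete?name=../../../etc/passwd status=200",
    "user=admin method=GET uri=/api/files/list?dir=%2e%2e%2f%2e%2e%2fetc status=200",
    "user=admin method=GET uri=/api/files/list?dir=..%252f..%252fconf status=200",
]
```

Running `suspicious_lines(SAMPLE_LOGS)` returns the last three sample lines; the first, a normal delete of a plain filename, is not flagged.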
