5.8
FortiSOAR Agent Security Flaw: Unauthorized File Access
CVE-2025-54659
Summary
An unauthenticated attacker can send a crafted request to the FortiSOAR agent port and read files accessible to the fortisoar user on the system where the agent is installed. This could lead to unauthorized access to important data. FortiSOAR users should update to the latest version of the Agent Communication Bridge.
Original title
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Commun...
Original description
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.
NVD CVSS 3.1
5.8
Vulnerability type
CWE-22
Path Traversal
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026