PatchSiren cyber security CVE debrief
CVE-2025-61624 Siemens CVE debrief
CVE-2025-61624 is a CWE-22 path traversal issue described in the supplied advisory text as affecting multiple Fortinet platforms, where an authenticated attacker with an admin profile and at least read-write permissions may be able to write or delete arbitrary files via specific CLI commands. The supplied CISA source was published on 2026-03-10 and updated on 2026-05-14; its revision history shows the CVE was added on 2026-05-12. Because the source item metadata names Siemens RUGGEDCOM APE1808 while the embedded CVE text and remediation refer to Fortinet products, this debrief follows the CVE description in the corpus and flags the product mismatch.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-10
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-03-10
- Advisory updated
- 2026-05-14
Who should care
Administrators and operators responsible for affected Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager deployments; security teams that manage privileged CLI access; and incident responders who need to protect configuration and file integrity on exposed appliances.
Technical summary
The vulnerability is an improper limitation of pathname resolution to a restricted directory. In the supplied description, an authenticated attacker with admin profile and read-write permissions can use specific CLI commands to write or delete arbitrary files on affected versions, which can impact device integrity and availability. The advisory text lists affected ranges across FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager, and the supplied remediation explicitly calls out FortiGate NGFW v7.4.10 or later for one product line.
Defensive priority
Medium priority, with elevated operational concern for any environment that exposes privileged CLI access or relies on these devices for core network/security functions. The CVSS score in the source is 6.0 (MEDIUM), but arbitrary file write/delete on appliances can still have outsized integrity and availability impact.
Recommended defensive actions
- Update affected Fortinet products to the vendor-fixed versions identified in the advisory; the supplied remediation explicitly states FortiGate NGFW v7.4.10 or later for the referenced product line.
- Use the official vendor and CISA advisories to confirm the exact fixed release for each affected product family and version branch before maintenance.
- Restrict and monitor administrative CLI access, especially accounts with read-write permissions.
- Audit privileged accounts and review whether any admin profiles grant more access than required.
- Back up configurations and verify restore procedures before applying changes.
- Check for unexpected file changes, deleted files, or configuration drift on affected devices.
- Apply defense-in-depth controls recommended by CISA for industrial and OT-adjacent environments, including segmentation and least privilege.
Evidence notes
Source timeline: published 2026-03-10, modified 2026-05-14. The CISA CSAF revision history in the supplied corpus notes the CVE was added on 2026-05-12. The source item metadata is internally inconsistent: it labels the product as Siemens RUGGEDCOM APE1808, but the CVE description, affected versions, and remediation text are Fortinet-focused. This debrief uses the CVE text provided in the corpus and does not infer beyond it.
Official resources
-
CVE-2025-61624 CVE record
CVE.org
-
CVE-2025-61624 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory source published by CISA on 2026-03-10 and updated on 2026-05-14; the revision history in the supplied source indicates the CVE was added on 2026-05-12.