CVE-2025-68649_CVE-2025-68649

5.4 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C

Description

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.

Basic Information

ID CVE-2025-68649

Source fortinet

Published Apr 14, 2026 at 15:39

Affected Product

Vendor Fortinet

Product FortiManager Cloud

Version 7.6.2

Affected Versions Fortinet FortiManager Cloud 7.6.2
Fortinet FortiManager Cloud 7.4.1
Fortinet FortiManager Cloud 7.2.1
Fortinet FortiManager Cloud 7.0.1
Fortinet FortiManager 7.6.0
Fortinet FortiManager 7.4.0
Fortinet FortiManager 7.2.0
Fortinet FortiManager 7.0.0
Fortinet FortiAnalyzer 7.6.0
Fortinet FortiAnalyzer 7.4.0
Fortinet FortiAnalyzer 7.2.0
Fortinet FortiAnalyzer 7.0.0
Fortinet FortiAnalyzer Cloud 7.6.2
Fortinet FortiAnalyzer Cloud 7.4.1
Fortinet FortiAnalyzer Cloud 7.2.1
Fortinet FortiAnalyzer Cloud 7.0.1

CWE Classification

CWE-22

References

fortiguard.fortinet.com /psirt/FG-IR-26-120

{
    "lastseen": "",
    "description": "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.",
    "published": "2026-04-14T15:39:46.446Z",
    "modified": "2026-04-14T15:39:46.446Z",
    "type": "cve",
    "title": "CVE-2025-68649",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-26-120",
    "id": "CVE-2025-68649",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiManager Cloud 7.6.2\nFortinet FortiManager Cloud 7.4.1\nFortinet FortiManager Cloud 7.2.1\nFortinet FortiManager Cloud 7.0.1\nFortinet FortiManager 7.6.0\nFortinet FortiManager 7.4.0\nFortinet FortiManager 7.2.0\nFortinet FortiManager 7.0.0\nFortinet FortiAnalyzer 7.6.0\nFortinet FortiAnalyzer 7.4.0\nFortinet FortiAnalyzer 7.2.0\nFortinet FortiAnalyzer 7.0.0\nFortinet FortiAnalyzer Cloud 7.6.2\nFortinet FortiAnalyzer Cloud 7.4.1\nFortinet FortiAnalyzer Cloud 7.2.1\nFortinet FortiAnalyzer Cloud 7.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiManager Cloud",
    "version": "7.6.2",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}