CVE-2025-68482

EUVD-2025-208497

10.03.2026, 18:17

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
fortinet	CNA	6.3 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:P/RL:W/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortimanager	6.4.0 ≤ 𝑥 < 7.4.9
fortinet	fortimanager	7.6.0 ≤ 𝑥 < 7.6.5
fortinet	fortianalyzer	6.4.0 ≤ 𝑥 < 7.4.9
fortinet	fortianalyzer	7.6.0 ≤ 𝑥 < 7.6.5

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

Vulnerability Media Exposure

[GERMAN] Fortinet: Hochriskante Lücken in FortiWeb, FortiManager und weiteren
Fortinet schließt Lücken in FortiWeb oder FortiManager, die etwa Einschleusen von Befehlen erlauben. FortiGate-Firewalls wurden attackiert.
Published: 2026-03-11T11:47:00+00:00

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-078