CVE-2025-68649

EUVD-2025-209457
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
fortinetCNA
6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fortinetfortimanager
7.6.2 ≤
𝑥
≤ 7.6.4
CNA
fortinetfortimanager
7.4.1 ≤
𝑥
≤ 7.4.7
CNA
fortinetfortimanager
7.2.1 ≤
𝑥
≤ 7.2.12
CNA
fortinetfortimanager
7.0.1 ≤
𝑥
≤ 7.0.16
CNA
fortinetfortimanager
7.6.0 ≤
𝑥
≤ 7.6.4
CNA
fortinetfortimanager
7.4.0 ≤
𝑥
≤ 7.4.7
CNA
fortinetfortimanager
7.2.0 ≤
𝑥
≤ 7.2.12
CNA
fortinetfortimanager
7.0.0 ≤
𝑥
≤ 7.0.16
CNA
fortinetfortimanager
7.6.2
CNA
Common Weakness Enumeration
References
https://fortiguard.fortinet.com/psirt/FG-IR-26-120