CVE-2025-68482

Summary

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAnalyzer7.6.0 <= 7.6.4affected
FortinetFortiAnalyzer7.4.0 <= 7.4.8affected
FortinetFortiAnalyzer7.2.0 <= 7.2.12affected
FortinetFortiAnalyzer7.0.0 <= 7.0.16affected
FortinetFortiAnalyzer6.4.0 <= 6.4.15affected
FortinetFortiManager7.6.0 <= 7.6.4affected
FortinetFortiManager7.4.0 <= 7.4.8affected
FortinetFortiManager7.2.0 <= 7.2.12affected
FortinetFortiManager7.0.0 <= 7.0.16affected
FortinetFortiManager6.4.0 <= 6.4.15affected
FortinetFortiManager Cloud7.6.2 <= 7.6.3affected
FortinetFortiManager Cloud7.4.1 <= 7.4.7affected
FortinetFortiManager Cloud7.2.1 <= 7.2.10affected
FortinetFortiManager Cloud7.0.1 <= 7.0.14affected
FortinetFortiManager Cloud6.4.1 <= 6.4.7affected
FortinetFortiAnalyzer Cloud7.6.2affected
FortinetFortiAnalyzer Cloud7.4.1 <= 7.4.7affected
FortinetFortiAnalyzer Cloud7.2.1 <= 7.2.10affected
FortinetFortiAnalyzer Cloud7.0.1 <= 7.0.14affected
FortinetFortiAnalyzer Cloud6.4.1 <= 6.4.7affected

Weaknesses

  • CWE-295: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References