CVE-2025-68648

Summary

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14 may allow an attacker to escalate its privileges via specially crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager Cloud7.6.2 <= 7.6.3affected
FortinetFortiManager Cloud7.4.1 <= 7.4.7affected
FortinetFortiManager Cloud7.2.1 <= 7.2.10affected
FortinetFortiManager Cloud7.0.1 <= 7.0.14affected
FortinetFortiAnalyzer Cloud7.6.2affected
FortinetFortiAnalyzer Cloud7.4.1 <= 7.4.7affected
FortinetFortiAnalyzer Cloud7.2.1 <= 7.2.12affected
FortinetFortiAnalyzer Cloud7.0.1 <= 7.0.16affected
FortinetFortiAnalyzer7.6.0 <= 7.6.4affected
FortinetFortiAnalyzer7.4.0 <= 7.4.7affected
FortinetFortiAnalyzer7.2.0 <= 7.2.12affected
FortinetFortiAnalyzer7.0.0 <= 7.0.16affected
FortinetFortiManager7.6.0 <= 7.6.4affected
FortinetFortiManager7.4.0 <= 7.4.7affected
FortinetFortiManager7.2.0 <= 7.2.12affected
FortinetFortiManager7.0.0 <= 7.0.16affected

Weaknesses

  • CWE-134: Escalation of privilege

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References