CVE-2025-68482

MEDIUM

Fortinet FortiAnalyzer/FortiManager - Info Disclosure

Title source: llm

Description

An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man-in-the-middle [MiTM] attack.

Scores

CVSS v3 6.9
EPSS 0.0002
EPSS Percentile 4.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-295
Status published
Products (2)
fortinet/fortianalyzer 6.4.0 - 7.4.9
fortinet/fortimanager 6.4.0 - 7.4.9
Published Mar 10, 2026
Tracked Since Mar 11, 2026