CVE-2025-68649 - CERT CVE

  1. CVE-2025-68649

ID CVE-2025-68649
Sažetak An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Reference
CVSS
Base: 6.0
Impact: 5.2
Exploitability:0.8
Pristup
VektorSloženostAutentikacija
LOCAL LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH HIGH
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Zadnje važnije ažuriranje 14-04-2026 - 16:16
Objavljeno 14-04-2026 - 16:16