Path Traversal Vulnerability in Fortinet FortiAnalyzer and FortiManager Products
CVE-2025-68649

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortimanager Cloud; Fortimanager; Fortianalyzer; Fortianalyzer Cloud
Vendor: CVE Published:; 14 April 2026

What is CVE-2025-68649?

Fortinet products, including FortiAnalyzer and FortiManager, are affected by a path traversal vulnerability that permits an attacker with appropriate privileges to manipulate command-line interface (CLI) requests. This flaw can enable unauthorized file deletion from the underlying filesystem, posing a significant risk to system integrity and data security. The vulnerability affects a range of versions across both FortiAnalyzer and FortiManager, making it crucial for users to implement recommended mitigations promptly.

Affected Version(s)

FortiAnalyzer 7.6.0 <= 7.6.4

FortiAnalyzer 7.4.0 <= 7.4.7

FortiAnalyzer 7.2.0 <= 7.2.12

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-120

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Dec 22, 2025

CVE-2025-68649 Data

JSON