Sensitive Information Exposure in Fortinet FortiOS
CVE-2025-68686

5.3MEDIUM

Key Information:

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 10 February 2026

What is CVE-2025-68686?

A vulnerability exists in Fortinet FortiOS versions, allowing unauthorized remote access to sensitive information. This vulnerability arises from the inability of the system to effectively enforce security measures, specifically regarding the symbolic link persistency mechanism in certain post-exploit scenarios. To exploit this vulnerability, an attacker must first gain access to the system through another underlying vulnerability, thus creating potential risks for data breaches and unauthorized information retrieval.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.1

FortiOS 7.4.0 <= 7.4.6

FortiOS 7.2.0 <= 7.2.13

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-934

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Dec 23, 2025

CVE-2025-68686 Data

JSON