PT-2026-24238 · Fortinet · Fortimanager+3
Published: 2026-03-10 · Updated: 2026-03-18 · CVE-2025-68648
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiAnalyzer versions 7.0 through 7.6.4
Fortinet FortiAnalyzer Cloud versions 7.0 through 7.6.4
Fortinet FortiManager versions 7.0 through 7.6.4
Fortinet FortiManager Cloud versions 7.0 through 7.6.4
Fortinet FortiAnalyzer versions 7.2
Fortinet FortiAnalyzer Cloud versions 7.2
Fortinet FortiManager versions 7.2
Fortinet FortiManager Cloud versions 7.2
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.7
Fortinet FortiAnalyzer Cloud versions 7.4.0 through 7.4.7
Fortinet FortiManager versions 7.4.0 through 7.4.7
Fortinet FortiManager Cloud versions 7.4.0 through 7.4.7
Fortinet FortiAnalyzer versions 7.6.0 through 7.6.4
Fortinet FortiAnalyzer Cloud versions 7.6.0 through 7.6.4
Fortinet FortiManager versions 7.6.0 through 7.6.4
Fortinet FortiManager Cloud versions 7.6.0 through 7.6.4
Description
The issue is the use of an externally controlled format string. Exploitation may allow a remote attacker to escalate privileges through specially crafted requests.
Recommendations
Fortinet FortiAnalyzer versions 7.0 through 7.6.4: Update to a newer version.
Fortinet FortiAnalyzer Cloud versions 7.0 through 7.6.4: Update to a newer version.
Fortinet FortiManager versions 7.0 through 7.6.4: Update to a newer version.
Fortinet FortiManager Cloud versions 7.0 through 7.6.4: Update to a newer version.
Fortinet FortiAnalyzer versions 7.2: Update to a newer version.
Fortinet FortiAnalyzer Cloud versions 7.2: Update to a newer version.
Fortinet FortiManager versions 7.2: Update to a newer version.
Fortinet FortiManager Cloud versions 7.2: Update to a newer version.
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.7: Update to a newer version.
Fortinet FortiAnalyzer Cloud versions 7.4.0 through 7.4.7: Update to a newer version.
Fortinet FortiManager versions 7.4.0 through 7.4.7: Update to a newer version.
Fortinet FortiManager Cloud versions 7.4.0 through 7.4.7: Update to a newer version.
Fortinet FortiAnalyzer versions 7.6.0 through 7.6.4: Update to a newer version.
Fortinet FortiAnalyzer Cloud versions 7.6.0 through 7.6.4: Update to a newer version.
Fortinet FortiManager versions 7.6.0 through 7.6.4: Update to a newer version.
Fortinet FortiManager Cloud versions 7.6.0 through 7.6.4: Update to a newer version.
Fix
Use of Externally-Controlled Format String
Weakness Enumeration
Related Identifiers
Affected Products
Fortianalyzer
Fortianalyzer Cloud
Fortimanager
Fortimanager Cloud