PT-2026-32661 · Fortinet · FortiManager Cloud +3

Published: 2026-04-14 · Updated: 2026-04-19 · CVE-2025-68649

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiAnalyzer versions 7.6.0 through 7.6.4
FortiAnalyzer versions 7.4.0 through 7.4.7
FortiAnalyzer version 7.2
FortiAnalyzer version 7.0
FortiAnalyzer Cloud versions 7.6.0 through 7.6.4
FortiAnalyzer Cloud versions 7.4.0 through 7.4.7
FortiAnalyzer Cloud version 7.2
FortiAnalyzer Cloud version 7.0
FortiManager versions 7.6.0 through 7.6.4
FortiManager versions 7.4.0 through 7.4.7
FortiManager version 7.2
FortiManager version 7.0
FortiManager Cloud versions 7.6.0 through 7.6.4
FortiManager Cloud versions 7.4.0 through 7.4.7
FortiManager Cloud version 7.2
FortiManager Cloud version 7.0

Description

An improper limitation of a pathname to a restricted directory, known as path traversal, allows a privileged attacker to delete files from the underlying filesystem by using crafted CLI requests.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2026-05591
CVE-2025-68649

Affected Products

FortiAnalyzer
FortiAnalyzer Cloud
FortiManager
FortiManager Cloud