CVE-2025-68686

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 6.4 through 7.6.1 Fortinet FortiOS versions 7.0 Fortinet FortiOS versions 7.2 Fortinet FortiOS versions 7.4.0 through 7.4.6 Fortinet FortiOS versions 7.6.0 through 7.6.1

Description A flaw exists in Fortinet FortiOS that could allow a remote, unauthenticated attacker to bypass a patch designed to prevent symbolic link persistence. This bypass is achievable through specifically crafted HTTP requests. Successful exploitation requires prior compromise of the system at the filesystem level through a separate vulnerability.

Recommendations Fortinet FortiOS version 6.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Fortinet FortiOS version 7.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Fortinet FortiOS version 7.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Fortinet FortiOS versions 7.4.0 through 7.4.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Fortinet FortiOS versions 7.6.0 through 7.6.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.