An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Fortinet FortiManager Cloud unaffected
Version Status Constraints
7.6.2 affected ≤ 7.6.4
7.4.1 affected ≤ 7.4.7
7.2.1 affected ≤ 7.2.12
7.0.1 affected ≤ 7.0.16
Fortinet FortiManager unaffected
Version Status Constraints
7.6.0 affected ≤ 7.6.4
7.4.0 affected ≤ 7.4.7
7.2.0 affected ≤ 7.2.12
7.0.0 affected ≤ 7.0.16
Fortinet FortiAnalyzer unaffected
Version Status Constraints
7.6.0 affected ≤ 7.6.4
7.4.0 affected ≤ 7.4.7
7.2.0 affected ≤ 7.2.12
7.0.0 affected ≤ 7.0.16
Fortinet FortiAnalyzer Cloud unaffected
Version Status Constraints
7.6.2 affected
7.4.1 affected ≤ 7.4.7
7.2.1 affected ≤ 7.2.12
7.0.1 affected ≤ 7.0.16

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Fortinet Subscribe
Fortianalyzer Subscribe
Fortianalyzercloud Subscribe
Fortimanager Subscribe
Fortimanagercloud Subscribe
Advisories

No advisories yet.

Fixes

Solution

Upgrade to FortiManager Cloud version 7.6.5 or above Upgrade to FortiManager Cloud version 7.4.8 or above Upgrade to FortiManager version 7.6.5 or above Upgrade to FortiManager version 7.4.8 or above Upgrade to FortiAnalyzer version 7.6.5 or above Upgrade to FortiAnalyzer version 7.4.8 or above Upgrade to FortiAnalyzer Cloud version 7.6.5 or above Upgrade to FortiAnalyzer Cloud version 7.4.8 or above

Workaround

No workaround given by the vendor.

References
Link Providers
https://fortiguard.fortinet.com/psirt/FG-IR-26-120 cve-icon cve-icon
History

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
First Time appeared Fortinet
Fortinet fortianalyzer
Fortinet fortianalyzercloud
Fortinet fortimanager
Fortinet fortimanagercloud
Weaknesses CWE-22
CPEs cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortianalyzer
Fortinet fortianalyzercloud
Fortinet fortimanager
Fortinet fortimanagercloud
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-04-14T16:46:14.224Z

Reserved: 2025-12-22T07:42:48.338Z

Link: CVE-2025-68649

cve-icon Vulnrichment

Updated: 2026-04-14T16:36:53.182Z

cve-icon NVD

Status : Received

Published: 2026-04-14T16:16:34.760

Modified: 2026-04-14T16:16:34.760

Link: CVE-2025-68649

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses