CVE-2025-48418

CWE-912 | 5 documents | 5 sources
Severity
7.2 HIGH
EPSS
0.1%
top 71.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 10

Description

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages
8 packages

NVD | fortinet/fortimanager_cloud | 6.4.1 | 7.0.15 | +3
NVD | fortinet/fortianalyzer_cloud | 6.4.1 | 7.0.15 | +3
CVEListV5 | fortinet/fortimanager_cloud | 7.6.2 | 7.6.3 | +4
CVEListV5 | fortinet/fortianalyzer_cloud | 7.4.1 | 7.4.7 | +4
NVD | fortinet/fortimanager | 6.4.0 | 7.0.15 | +3

🔴 Vulnerability Details

2
GHSA
GHSA-pf26-74cx-2vmm: A hidden functionality vulnerability in Fortinet FortiAnalyzer 7 | 2026-03-10
CVEList
CVE-2025-48418: A hidden functionality vulnerability in Fortinet FortiAnalyzer 7 | 2026-03-10

📋 Vendor Advisories

1
Fortinet
Privilege escalation using undocumented CLI command | 2026-03-10

🕵️ Threat Intelligence

1
Wiz
CVE-2025-48418 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-48418 (HIGH CVSS 7.2) | A hidden functionality vulnerabilit | cvebase.io