CVE-2025-68482

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

5.9MEDIUM

EPSS

0.0%

top 95.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortimanager Fortinet Fortianalyzer Cloud +1 more

Timeline

PublishedMar 10

Description

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 1.6 | Impact: 4.7

Affected Packages6 packages

▶NVDfortinet/fortimanager6.4.0 — 7.4.9+1

▶NVDfortinet/fortianalyzer6.4.0 — 7.4.9+1

▶CVEListV5fortinet/fortimanager7.6.0 — 7.6.4+4

▶CVEListV5fortinet/fortianalyzer7.6.0 — 7.6.4+4

▶CVEListV5fortinet/fortimanager_cloud7.6.2 — 7.6.3+4

🔴Vulnerability Details

GHSA

GHSA-pfxg-w7qf-6x65: A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

CVEList

CVE-2025-68482: A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

📋Vendor Advisories

Fortinet

Lack of TLS Certificate Validation during initial SSO Authentication↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68482 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶