CVE-2025-68648

CWE-134 — Uncontrolled Format String5 documents5 sources

Severity

7.2HIGH

EPSS

0.1%

top 75.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer Cloud Fortinet Fortimanager +1 more

Timeline

PublishedMar 10

Description

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiMa…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages8 packages

▶NVDfortinet/fortimanager_cloud7.0.0 — 7.4.8+1

▶NVDfortinet/fortianalyzer_cloud7.0.0 — 7.4.8+1

▶CVEListV5fortinet/fortimanager_cloud7.6.2 — 7.6.3+3

▶CVEListV5fortinet/fortianalyzer_cloud7.4.1 — 7.4.7+3

▶NVDfortinet/fortimanager7.0.0 — 7.4.8+1

🔴Vulnerability Details

CVEList

CVE-2025-68648: A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

GHSA

GHSA-hvh3-476h-jj48: A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

📋Vendor Advisories

Fortinet

Format string vulnerability in fazsvcd↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68648 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶