cbcvebase.
CVE-2025-68649
published 2026-04-14

CVE-2025-68649: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer…

medium6.5CVSS 3.1
AVNACLPRHUINSUCNIHAH
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
fortinetfortianalyzer
fortinetfortianalyzer>= 7.0.0 < 7.4.87.4.8
fortinetfortianalyzer7.0.0 – 7.0.16
fortinetfortianalyzer7.2.0 – 7.2.12
fortinetfortianalyzer7.4.0 – 7.4.7
fortinetfortianalyzer>= 7.6.0 < 7.6.57.6.5
fortinetfortianalyzer7.6.0 – 7.6.4
fortinetfortianalyzer_cloud
fortinetfortianalyzer_cloud>= 7.0.0 < 7.4.87.4.8
fortinetfortianalyzer_cloud7.0.1 – 7.0.16
fortinetfortianalyzer_cloud7.2.1 – 7.2.12
fortinetfortianalyzer_cloud7.4.1 – 7.4.7
fortinetfortianalyzer_cloud>= 7.6.0 < 7.6.57.6.5
fortinetfortimanager
fortinetfortimanager>= 7.0.0 < 7.4.87.4.8
fortinetfortimanager7.0.0 – 7.0.16
fortinetfortimanager7.2.0 – 7.2.12
fortinetfortimanager7.4.0 – 7.4.7
fortinetfortimanager>= 7.6.0 < 7.6.57.6.5
fortinetfortimanager7.6.0 – 7.6.4
fortinetfortimanager_cloud>= 7.0.0 < 7.4.87.4.8
fortinetfortimanager_cloud7.0.1 – 7.0.16
fortinetfortimanager_cloud7.2.1 – 7.2.12
fortinetfortimanager_cloud7.4.1 – 7.4.7
fortinetfortimanager_cloud>= 7.6.0 < 7.6.57.6.5