Fortinet FortiManager Cloud vulnerabilities
25 known vulnerabilities affecting fortinet/fortimanager_cloud.
Total CVEs: 25
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 15, MEDIUM 3, LOW 2
Vulnerabilities
Page 1 of 2
CVE-2025-68648 | HIGH | CVSS 7.2 | ≥ 7.0.0, < 7.4.8; ≥ 7.6.0, < 7.6.5; +4 more | 2026-03-10
CVE-2025-68648 [HIGH] CWE-134
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all
cvelistv5, nvd
CVE-2025-48418 | HIGH | CVSS 7.2 | ≥ 6.4.1, < 7.0.15; ≥ 7.2.1, < 7.2.11; +7 more | 2026-03-10
CVE-2025-48418 [MEDIUM] CWE-912
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Clou
cvelistv5, nvd
CVE-2026-22572 | HIGH | CVSS 7.2 | ≥ 7.2.2, < 7.4.8; ≥ 7.6.0, < 7.6.4 | 2026-03-10
CVE-2026-22572 [HIGH] CWE-288
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admin's password
nvd
CVE-2025-68482 | MEDIUM | CVSS 5.9 | ≥ 7.6.2, ≤ 7.6.3; ≥ 7.4.1, ≤ 7.4.7; +3 more | 2026-03-10
CVE-2025-68482 [MEDIUM] CWE-295
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versi
cvelistv5, nvd
CVE-2026-22629 | LOW | CVSS 3.7 | ≥ 6.4.0, < 7.6.5; ≥ 7.6.2, ≤ 7.6.3; +4 more | 2026-03-10
CVE-2026-22629 [LOW] CWE-307
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 a
cvelistv5, nvd
CVE-2024-50571 | HIGH | CVSS 7.2 | ≥ 6.4.1, < 7.0.14; ≥ 7.2.1, < 7.2.10; +6 more | 2025-10-14
CVE-2024-50571 [HIGH] CWE-122
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud
cvelistv5, nvd
CVE-2024-47569 | MEDIUM | CVSS 4.3 | ≥ 7.4.1, < 7.4.4; ≥ 7.4.1, ≤ 7.4.3 | 2025-10-14
CVE-2024-47569 [MEDIUM] CWE-201
An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 al
cvelistv5, nvd
CVE-2024-52964 | MEDIUM | CVSS 6.5 | ≥ 6.4.1, ≤ 7.0.13; ≥ 7.2.1, < 7.2.10; +1 more | 2025-08-12
CVE-2024-52964 [MEDIUM] CWE-22
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overw
nvd
CVE-2025-24474 | LOW | CVSS 2.7 | ≥ 6.4.1, < 7.4.7 | 2025-07-08
CVE-2025-24474 [LOW] CWE-89
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4
nvd
CVE-2024-46662 | HIGH | CVSS 8.8 | ≥ 7.4.1, < 7.4.4 | 2025-03-14
CVE-2024-46662 [HIGH] CWE-77
An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets
nvd
CVE-2024-33504 | HIGH | CVSS 7.7 | ≥ 6.4.1, < 7.2.9; ≥ 7.4.1, < 7.4.6 | 2025-02-11
CVE-2024-33504 [MEDIUM] CWE-321
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.
nvd
CVE-2024-40584 | HIGH | CVSS 7.2 | ≥ 6.4.1, ≤ 7.0.14; ≥ 7.2.1, < 7.2.6; +1 more | 2025-02-11
CVE-2024-40584 [HIGH] CWE-78
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13
nvd
CVE-2024-50563 | CRITICAL | CVSS 9.8 | ≥ 7.4.1, < 7.4.4 | 2025-01-16
CVE-2024-50563 [HIGH] CWE-1390
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-fo
nvd
CVE-2024-45331 | HIGH | CVSS 7.8 | ≥ 7.0.1, < 7.2.7; ≥ 7.4.1, < 7.4.4 | 2025-01-16
CVE-2024-45331 [HIGH] CWE-266
An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13
nvd
CVE-2024-48884 | CRITICAL | CVSS 9.1 | ≥ 7.4.1, < 7.4.4; ≥ 7.4.1, ≤ 7.4.3 | 2025-01-14
CVE-2024-48884 [HIGH] CWE-22
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiP
cvelistv5, nvd
CVE-2024-35276 | CRITICAL | CVSS 9.8 | ≥ 6.4.1, < 7.0.12; ≥ 7.2.1, < 7.2.6; +1 more | 2025-01-14
CVE-2024-35276 [MEDIUM] CWE-121
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6
nvd
CVE-2024-48886 | CRITICAL | CVSS 9.8 | ≥ 7.4.1, < 7.4.4 | 2025-01-14
CVE-2024-48886 [CRITICAL] CWE-1390
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 throug
nvd
CVE-2024-33503 | HIGH | CVSS 7.8 | ≥ 7.0.1, < 7.2.7; ≥ 7.4.1, < 7.4.4 | 2025-01-14
CVE-2024-33503 [MEDIUM] CWE-266
An improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges via specific shell commands
nvd
CVE-2024-35273 | HIGH | CVSS 8.8 | ≥ 7.4.1, < 7.4.3 | 2025-01-14
CVE-2024-35273 [HIGH] CWE-787
An out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests.
nvd
CVE-2024-50566 | HIGH | CVSS 8.8 | ≥ 7.2.2, < 7.2.8; ≥ 7.4.0, < 7.4.5; +3 more | 2025-01-14
CVE-2024-50566 [HIGH] CWE-78
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an a
cvelistv5, nvd