CVE-2025-68648

7.2 HIGH

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4...

Published: 2026-03-10 · Last updated: 2026-05-26

Severity and scoring

CVSS: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-134

Affected products

Vendor	Product
fortinet	fortianalyzer, fortianalyzer_cloud, fortimanager

Description

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14 may allow an attacker to escalate its privileges via specially crafted requests.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-68648
[Vendor advisory]https://fortiguard.fortinet.com/psirt/FG-IR-26-092

Related CVEs

Same vendor

CVE-2026-44277 — A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through ... (9.8 CRITICAL)
CVE-2026-25690 — An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 throu... (4.3 MEDIUM)
CVE-2026-25088 — An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through ... (5.4 MEDIUM)
CVE-2025-53844 — A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 al... (8.8 HIGH)
CVE-2026-24858 — An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through... (9.8 CRITICAL)

Same CWE

CVE-2026-6242 — An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of external...
CVE-2026-6241 — An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improper...
CVE-2026-50211 — Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privi... (9.8 CRITICAL)
CVE-2026-7835 — A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of servi... (3.1 LOW)
CVE-2026-6474 — Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via craf... (4.3 MEDIUM)