Fortinet FortiAnalyzer and FortiManager: Unrestricted Admin Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.7

Fortinet FortiAnalyzer and FortiManager: Unrestricted Admin Access

CVE-2025-48418

Summary

Certain versions of Fortinet's FortiAnalyzer and FortiManager products have a security issue that allows an authenticated administrator to gain more access than they should. This means an attacker could use a secret command to gain control of the system. It's essential to update to the latest version to prevent unauthorized access.

Original title

Original description

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.

nvd CVSS3.1 6.7

Vulnerability type

CWE-912

https://fortiguard.fortinet.com/psirt/FG-IR-26-081

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026