5.9
Fortinet FortiAnalyzer and FortiManager: Confidential Data Exposure
CVE-2025-68482
Summary
An improper certificate validation flaw in Fortinet's FortiAnalyzer and FortiManager software may allow a remote, unauthenticated attacker in a man-in-the-middle position to view sensitive information sent between your company and your Fortinet devices. The attacker must be able to intercept your network traffic. To protect your data, update to the latest version of the software as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fortinet | fortimanager | > 6.4.0, <= 7.4.9 | – |
| fortinet | fortimanager | > 7.6.0, <= 7.6.5 | – |
| fortinet | fortianalyzer | > 6.4.0, <= 7.4.9 | – |
| fortinet | fortianalyzer | > 7.6.0, <= 7.6.5 | – |
Original title
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, For...
Original description
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man-in-the-middle [MiTM] attack.
nvd CVSS3.1
6.9
Vulnerability type
CWE-295
Improper Certificate Validation
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026