Platform
fortinet
Component
fortianalyzer
Fixed version
7.6.5
7.4.9
7.2.13
7.0.17
6.4.16
7.6.5
7.4.9
7.2.13
7.0.17
6.4.16
7.6.4
7.4.8
7.2.11
7.0.15
6.4.8
7.6.3
7.4.8
7.2.11
7.0.15
6.4.8
CVE-2025-68482 describes an improper certificate validation vulnerability discovered in Fortinet FortiAnalyzer and FortiManager. This flaw allows a remote, unauthenticated attacker to potentially intercept and view confidential information through a man-in-the-middle (MiTM) attack. The vulnerability impacts FortiAnalyzer versions 6.4 through 7.6.4, as well as FortiManager versions 6.4 through 7.6.4. A fix is available via updated versions.
The primary impact of CVE-2025-68482 is the potential for unauthorized access to sensitive data. An attacker positioned as a MiTM can intercept network traffic between a client and the FortiAnalyzer/FortiManager appliance. Because certificate validation is inadequate, the attacker can present a forged certificate, effectively impersonating the legitimate appliance. This allows them to decrypt and view confidential information transmitted over the network, such as user credentials, configuration data, and security logs. The scope of data exposure depends on the network configuration and the types of data processed by the FortiAnalyzer/FortiManager. Successful exploitation could lead to significant data breaches and compromise the integrity of the security infrastructure.
CVE-2025-68482 was published on 2026-03-10. The vulnerability's severity is rated as MEDIUM. No proof-of-concept (PoC) code has been publicly released as of the publication date. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. The EPSS score is pending evaluation.
Organizations heavily reliant on FortiAnalyzer and FortiManager for centralized security management are at significant risk. Environments with weak network segmentation or legacy configurations are particularly vulnerable. Shared hosting environments where multiple tenants share the same FortiAnalyzer/FortiManager instance also face increased risk, as a compromise could potentially impact multiple tenants.
• fortinet / server:
# Check FortiAnalyzer/FortiManager version
/opt/fortinet/fortimanager/bin/config get version
# Monitor system logs for certificate-related errors
journalctl -u fortianalyzer -g 'certificate validation failed'
• generic web:
# Check for exposed certificate endpoints (may require authentication)
curl -I https://<fortianalyzer_ip>/certificatedisclosure
Exploitation status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68482 is to upgrade FortiAnalyzer and FortiManager to a patched version. Fortinet has not released specific fixed versions in the provided data, so consult Fortinet's security advisories for the latest available patches. If upgrading immediately is not possible, consider implementing network segmentation to limit the potential impact of a successful attack. Additionally, enforce strict certificate pinning policies where feasible to further strengthen certificate validation. Monitor network traffic for suspicious MiTM activity. While not a direct fix, ensuring strong network security practices can reduce the likelihood of exploitation.
Update FortiAnalyzer to version 7.6.4, 7.4.8, 7.2.12, 7.0.16, or 6.4.15 or later to fix the improper certificate validation. This reduces the risk of man-in-the-middle (MitM) attacks and the potential disclosure of confidential information.
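The certificate pinning mitigation mentioned above can be checked from a management workstation by comparing the certificate an appliance presents with a fingerprint recorded at enrollment. The following is an added example, not code from Fortinet or from this page; the function names, host argument and pin values are assumptions, and the sample bytes are constructed.

```python
"""Certificate pin check for a management appliance (added example)."""
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(pin: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' so pins copied from other tools compare equal."""
    return pin.replace(":", "").replace(" ", "").lower()


def pin_matches(der: bytes, pins) -> bool:
    """True only when the presented certificate is one of the pinned ones."""
    got = fingerprint(der)
    return any(hmac.compare_digest(got, normalize(p)) for p in pins)


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate the peer presents; no application data is sent."""
    ctx = ssl.create_default_context()
    # Chain validation is switched off for this probe only: appliances often use
    # self-signed certificates, and the pin comparison is the trust decision here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_appliance(host: str, pins, port: int = 443) -> bool:
    """Fetch the certificate from host and compare it with the pinned set."""
    return pin_matches(fetch_leaf_der(host, port), pins)


if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate, so this runs offline.
    sample = b"constructed sample, not a real certificate"
    pinned = {fingerprint(sample)}
    print(pin_matches(sample, pinned))         # certificate recorded at enrollment
    print(pin_matches(sample + b"!", pinned))  # different certificate on the path
```

Record the pin over a trusted path such as the appliance console, and treat a mismatch as a reason to stop and investigate before entering credentials.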
CVE-2025-68482 is a MEDIUM severity vulnerability in Fortinet FortiAnalyzer and FortiManager allowing a MiTM attack to expose confidential information due to improper certificate validation.
You are affected if you are running FortiAnalyzer or FortiManager versions 6.4 through 7.6.4. Check your version and upgrade as soon as possible.
Upgrade to a patched version of FortiAnalyzer or FortiManager. Consult Fortinet's security advisories for the latest available patches.
As of the publication date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the official Fortinet security advisory for CVE-2025-68482 on the Fortinet support website.