平台
fortinet
组件
fortianalyzer
修复版本
7.6.5
7.4.9
7.2.13
7.0.17
6.4.16
7.6.5
7.4.9
7.2.13
7.0.17
6.4.16
7.6.4
7.4.8
7.2.11
7.0.15
6.4.8
7.6.3
7.4.8
7.2.11
7.0.15
6.4.8
CVE-2025-68482 describes an improper certificate validation vulnerability discovered in Fortinet FortiAnalyzer and FortiManager. This flaw allows a remote, unauthenticated attacker to potentially intercept and view confidential information through a man-in-the-middle (MiTM) attack. The vulnerability impacts FortiAnalyzer versions 6.4 through 7.6.4, as well as FortiManager versions 6.4 through 7.6.4. A fix is available via updated versions.
The primary impact of CVE-2025-68482 is the potential for unauthorized access to sensitive data. An attacker positioned as a MiTM can intercept network traffic between a client and the FortiAnalyzer/FortiManager appliance. Because certificate validation is inadequate, the attacker can present a forged certificate, effectively impersonating the legitimate appliance. This allows them to decrypt and view confidential information transmitted over the network, such as user credentials, configuration data, and security logs. The scope of data exposure depends on the network configuration and the types of data processed by the FortiAnalyzer/FortiManager. Successful exploitation could lead to significant data breaches and compromise the integrity of the security infrastructure.
CVE-2025-68482 was published on 2026-03-10. The vulnerability's severity is rated as MEDIUM. No public proof-of-concept (PoC) code has been publicly released as of the publication date. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. The EPSS score is pending evaluation.
Organizations heavily reliant on FortiAnalyzer and FortiManager for centralized security management are at significant risk. Environments with weak network segmentation or legacy configurations are particularly vulnerable. Shared hosting environments where multiple tenants share the same FortiAnalyzer/FortiManager instance also face increased risk, as a compromise could potentially impact multiple tenants.
• fortinet / server:
# Check FortiAnalyzer/FortiManager version
/opt/fortinet/fortimanager/bin/config get version
# Monitor system logs for certificate-related errors
journalctl -u fortianalyzer -g 'certificate validation failed'• generic web:
# Check for exposed certificate endpoints (may require authentication)
curl -I https://<fortianalyzer_ip>/certificatedisclosure
漏洞利用状态
EPSS
0.02% (4% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2025-68482 is to upgrade FortiAnalyzer and FortiManager to a patched version. Fortinet has not released specific fixed versions in the provided data, so consult Fortinet's security advisories for the latest available patches. If upgrading immediately is not possible, consider implementing network segmentation to limit the potential impact of a successful attack. Additionally, enforce strict certificate pinning policies where feasible to further strengthen certificate validation. Monitor network traffic for suspicious MiTM activity. While not a direct fix, ensuring strong network security practices can reduce the likelihood of exploitation.
将 FortiAnalyzer 更新到 7.6.4、7.4.8、7.2.12、7.0.16 和 6.4.15 之后的版本以修复不正确的证书验证。这将缓解中间人 (MitM) 攻击和潜在的机密信息泄露风险。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-68482 is a MEDIUM severity vulnerability in Fortinet FortiAnalyzer and FortiManager allowing a MiTM attack to expose confidential information due to improper certificate validation.
You are affected if you are running FortiAnalyzer or FortiManager versions 6.4 through 7.6.4. Check your version and upgrade as soon as possible.
Upgrade to a patched version of FortiAnalyzer or FortiManager. Consult Fortinet's security advisories for the latest available patches.
As of the publication date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the official Fortinet security advisory for CVE-2025-68482 on the Fortinet support website.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。