CVE-2025-68686
Analyzed Analyzed - Analysis Complete
Sensitive Information Exposure in Fortinet FortiOS via Symlink Bypass

Publication date: 2026-02-10

Last updated on: 2026-02-12

Assigner: Fortinet, Inc.

Description
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68686
EUVD
EUVD-2025-207440
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
fortinet fortios From 7.6.0 (inc) to 7.6.2 (exc)
fortinet fortios From 6.4.0 (inc) to 7.4.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) found in multiple versions of Fortinet FortiOS. It allows a remote unauthenticated attacker to bypass a patch related to the symbolic link persistency mechanism by sending specially crafted HTTP requests. However, the attacker must have already compromised the product through another vulnerability at the filesystem level before exploiting this issue.

Impact Analysis

The vulnerability can lead to unauthorized exposure of sensitive information because an attacker who has already compromised the system can bypass existing patches and potentially access protected data. This could result in data leaks or further exploitation of the system.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68686. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart