CVE-2025-48418
Received Received - Intake
Hidden Command Privilege Escalation in FortiAnalyzer and FortiManager

Publication date: 2026-03-10

Last updated on: 2026-03-12

Assigner: Fortinet, Inc.

Description
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-12
Generated
2026-05-07
AI Q&A
2026-03-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-48418
EUVD
EUVD-2025-208484
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
fortinet fortimanager From 7.6.0 (inc) to 7.6.4 (exc)
fortinet fortimanager From 6.4.0 (inc) to 7.0.15 (exc)
fortinet fortimanager From 7.2.0 (inc) to 7.2.11 (exc)
fortinet fortimanager From 7.4.0 (inc) to 7.4.8 (exc)
fortinet fortimanager_cloud From 6.4.1 (inc) to 7.0.15 (exc)
fortinet fortimanager_cloud From 7.2.1 (inc) to 7.2.11 (exc)
fortinet fortimanager_cloud From 7.4.1 (inc) to 7.4.8 (exc)
fortinet fortimanager_cloud From 7.6.2 (inc) to 7.6.4 (exc)
fortinet fortianalyzer From 7.6.0 (inc) to 7.6.4 (exc)
fortinet fortianalyzer From 7.2.0 (inc) to 7.2.11 (exc)
fortinet fortianalyzer From 6.4.0 (inc) to 7.0.15 (exc)
fortinet fortianalyzer From 7.4.0 (inc) to 7.4.8 (exc)
fortinet fortianalyzer_cloud From 6.4.1 (inc) to 7.0.15 (exc)
fortinet fortianalyzer_cloud From 7.2.1 (inc) to 7.2.11 (exc)
fortinet fortianalyzer_cloud From 7.4.1 (inc) to 7.4.8 (exc)
fortinet fortianalyzer_cloud 7.6.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Fortinet FortiAnalyzer and FortiManager products (including cloud versions) across multiple versions. It involves a hidden functionality that allows a remote authenticated read-only administrator with CLI access to escalate their privileges by using a hidden command.


How can this vulnerability impact me? :

The vulnerability allows a user who only has read-only administrative access to escalate their privileges. This means that an attacker with limited access could gain higher-level permissions, potentially leading to unauthorized changes, data exposure, or disruption of services.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart