CVE-2025-68482
Received - Intake
Improper Certificate Validation in FortiAnalyzer and FortiManager Enables MiTM
Publication date: 2026-03-10
Last updated on: 2026-03-12
Assigner: Fortinet, Inc.
Description
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man-in-the-middle [MiTM] attack.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortimanager | From 7.6.0 (inc) to 7.6.5 (exc) |
| fortinet | fortimanager | From 6.4.0 (inc) to 7.4.9 (exc) |
| fortinet | fortianalyzer | From 7.6.0 (inc) to 7.6.5 (exc) |
| fortinet | fortianalyzer | From 6.4.0 (inc) to 7.4.9 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |