CVE-2025-68649

N/A

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

对路径名的限制不恰当(路径遍历)

Fortinet多款产品 路径遍历漏洞

Fortinet FortiManager等都是美国飞塔（Fortinet）公司的产品。Fortinet FortiManager是一套集中化网络安全管理平台。Fortinet FortiAnalyzer是一套集中式网络安全报告解决方案。Fortinet FortiManager Cloud是一个基于云的网络管理软件。 Fortinet多款产品存在路径遍历漏洞，该漏洞源于路径遍历，可能导致特权攻击者通过特制CLI请求从底层文件系统删除文件。以下产品及版本受到影响：FortiAnalyzer 7.6.0至7

N/A

N/A