CVE-2024-47575

Published Oct 23, 2024

Last updated 5 months ago

Exploit knownCVSS critical 9.8
FortiJump
Network
Zero-day

Overview

Description
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Source
psirt@fortinet.com
NVD status
Analyzed
Products
fortimanager, fortimanager_cloud

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet FortiManager Missing Authentication Vulnerability
Exploit added on
Oct 23, 2024
Exploit action due
Nov 13, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-306

Social media

Hype score
Not currently trending

  1. CISA gives feds until Friday to patch actively exploited Fortinet EMS flaw (CVE-2024-47575, CVSS 9.6). Zero-click RCE hits endpoint managers — enterprise admins, check your exposures now. https://t.co/vfC8cyod4d

    @thecircuitry_

    6 Apr 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Critical FortiManager Zero-Day (#CVE-2024-47575): Unauthenticated RCE Exploit Exposes Enterprise Networks—Patch Now! + Video https://t.co/lf3uAVE8Tj Educational Purposes!

    @UndercodeUpdate

    5 Apr 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/jJuZ0bt6gg & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/qVLNex0Y19

    @TacticalRefunds

    6 Dec 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-47575 - critical 🚨 FortiManager Unauthenticated Remote Code Execution > A missing authentication vulnerability in Fortinet FortiManager allows a remote unaut... 👾 https://t.co/sFLzLSQAq2 @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    31 Oct 2025

    20 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  5. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/ksAj4O43xl & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/XsaEImDRHP

    @RefundAgencyHQ

    19 Oct 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/ZvdMYryw1F & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/x9zSYzfmRk

    @Agent_Geoffrey

    8 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/uJNlUSuOLy & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Wjb1r1J0NX

    @TrustG_Refund

    6 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/uJNlUSuOLy & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Ir7Y49PWAS

    @TrustG_Refund

    1 Sept 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as Fort... https://t.co/zxLtw3iN1q

    @pedri77

    25 Aug 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/UJXH5gLm7E & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/AqVZO0u49d

    @Refund_Comittee

    31 Jul 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/4k9liP2KQL & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Z29HZXh7wz

    @BLOCKNET_RETRI

    23 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/nA0Stpq9dj & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Xhni8JBn3g

    @TACTICALREFUND1

    29 Jun 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/tdXUCG5DMS & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/F0QMRT1YPn

    @CiaScammedTrace

    26 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. FortiManager Devices Mass Compromise Exploiting CVE-2024-47575 Vulnerability Shadowserver has issued a critical warning about the widespread exploitation of Fortinet FortiManager devices using the recently disclosed CVE-2024-47575 vulnerability. With a... https://t.co/h38bMy0tjI

    @SecurityAid

    23 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS sc... https://t.co/P5EeiLwRzV

    @SecurityAid

    20 Mar 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Fortinet CVE-2024-47575: Urgent Zero-Day Exploitation Alert https://t.co/mEJMK4M53S

    @vault33org

    16 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. We added #Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/H5QZSnKtsZ & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/7sYhoFluUd

    @Refund_Agency

    28 Jan 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Just had a thought 💭: Over 15,000 FortiGate devices breached via the zero-day vulnerability CVE-2024-47575 😱. Hackers are stealing IPs & credentials! 🔑 Time to prioritize patching and monitoring! ⏳🔒 #CyberSecurity #InfoSec #ZeroDay https://t.co/lLHoZsYcl0 https://t.co/PwK

    @WTE_Solutions

    17 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Zero-Day Alert: CVE-2024-47575 🚨 Un exploit critique cible FortiManager, menaçant les infrastructures réseau. 💻 Découvrez l’analyse et les défenses ici: https://t.co/q5xPKbB9Kx Bluesec – Securing tomorrow, today. #CyberSécurité #ZeroDay #FortiManager https://t.co/nPgzGUZUY

    @Bluesec_CS

    6 Jan 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2024-47575: A missing authentication for critical function in FortiManager FortiManager Cloud allows attacker to execute arbitrary code or commands via specially crafted requests. https://t.co/vMeGkWr0dL https://t.co/BMqelQe9sY

    @cyber_advising

    5 Jan 2025

    1337 Impressions

    6 Retweets

    28 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  21. Fortinet Releases Security Updates for FortiManager Fortinet has released a security update to address a critical vulnerability in FortiManager, identified as CVE-2024-47575. This flaw allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially

    @DefendEdge

    20 Dec 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 私的2024年の悪用があった脆弱性3選。 ・Ivanti Connect Secure の複数の脆弱性(CVE-2023-46805等) ・PAN-OSの脆弱性(CVE-2024-3400) ・FortiManagerの脆弱性(CVE-2024-47575) どれも悪用済からの情報公開でパッチと共にまず侵害有無を調査すべきだが、しなくて侵害に気がついてない組織も多かった。

    @Sec_S_Owl

    19 Dec 2024

    1377 Impressions

    1 Retweet

    25 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  23. AttackerKB @ rapid7 Analysis for 'CVE-2024-47575'

    @byt3n33dl3

    19 Dec 2024

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Our team investigated the “FortiJump” vulnerability (CVE-2024-47575), uncovering risks exploited in the wild. Includes: • PoC & exploit analysis • Secure device management tips • Why proactive defense matters Full analysis: https://t.co/jVSDprxcSz #cybersecurity #FortiJump

    @bishopfox

    29 Nov 2024

    397 Impressions

    0 Retweets

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  25. FortiManager のゼロデイ脆弱性 FortiJump CVE-2024-47575:PoC が公開 https://t.co/Yc2wspSoYT #CyberAttack #DataBreach #Exploit #FortiJump #Fortinet #FortiAnalyzer #FortiManager #Mandiant #PoCExploit #UNC5820 #Vulnerability #ZeroDay

    @iototsecnews

    27 Nov 2024

    53 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. GitHub - watchtowrlabs/Fortijump-Exploit-CVE-2024-47575: Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575 https://t.co/FHz2FHTXN5

    @akaclandestine

    24 Nov 2024

    1548 Impressions

    12 Retweets

    25 Likes

    7 Bookmarks

    8 Replies

    0 Quotes

  27. Actively exploited CVE : CVE-2024-47575

    @transilienceai

    23 Nov 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud https://t.co/FDD4y2HOjO https://t.co/luNmqt6SYk

    @IT_Peurico

    20 Nov 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud https://t.co/kUPbJstqIr https://t.co/C4TJvvhEho

    @IT_Peurico

    20 Nov 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. 🚨Alert🚨CVE-2024-47575: Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump 🔥PoC & Deep Dive: https://t.co/KrEvYPIZG9 🧐Git Link: : https://t.co/aOdodYPJZZ 📊 9.9K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:… https://t.co/M7K

    @HunterMapping

    19 Nov 2024

    3489 Impressions

    17 Retweets

    55 Likes

    25 Bookmarks

    1 Reply

    0 Quotes

  31. Actively exploited CVE : CVE-2024-47575

    @transilienceai

    19 Nov 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Updated Post: Vulnerabilidad Crítica en FortiManager Permite Ejecución Remota de Código (CVE-2024-47575) https://t.co/9lc6RveXzM

    @hualkana

    18 Nov 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. New Post: Vulnerabilidad Crítica en FortiManager Permite Ejecución Remota de Código (CVE-2024-47575) https://t.co/9lc6RveXzM

    @hualkana

    18 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🛑 𝗙𝗼𝗿𝘁𝗶𝗻𝗲𝘁 : le correctif pour la faille de sécurité FortiJump (CVE-2024-47575) présente dans FortiManager peut être contourné ! Une nouvelle faille zero-day a été découverte ! 👉 Plus d'infos : https://t.co/c7kHxMDkGD #Fortinet #cybersecurite https://t.co/c7kHxMDkGD

    @ITConnect_fr

    18 Nov 2024

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. PoC Exploit Releases for Zero-Day CVE-2024-47575 Flaw in Fortinet FortiManager With a CVSS score of 9.8, this critical flaw in FortiManager and FortiAnalyzer devices allows remote, unauthenticated attackers to execute arbitrary code https://t.co/k47Z0OLaMG

    @the_yellow_fall

    18 Nov 2024

    724 Impressions

    6 Retweets

    12 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  36. Top 5 Trending CVEs: 1 - CVE-2024-23113 2 - CVE-2024-7965 3 - CVE-2024-47575 4 - CVE-2024-43451 5 - CVE-2024-5690 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    17 Nov 2024

    185 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Fortinet製FortiManagerにおける重要な機能に対する認証の欠如の脆弱性(CVE-2024-47575)等に関する注意喚起 https://t.co/ssuEWzBsfV @jpcert

    @hatunknown

    16 Nov 2024

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. フォーティネット社FortiManagerのゼロデイ脆弱性FortiJump Higherが発見された。watchTowr報告。FortiJump (CVE-2024-47575)の修正が不適当であることによるもの。 https://t.co/gPM4hSTr4v

    @__kokumoto

    16 Nov 2024

    4252 Impressions

    25 Retweets

    48 Likes

    21 Bookmarks

    0 Replies

    2 Quotes

  39. Two weeks ago, my team (Capability Development Group @ Bishop Fox) published a deep dive on FortiManager in support of analyzing FortiJump (CVE-2024-47575, missing authentation in fgfmsd), which is being actively exploited in the wild. We cover prerequisite steps for discovering…

    @noperator

    15 Nov 2024

    13431 Impressions

    18 Retweets

    77 Likes

    32 Bookmarks

    2 Replies

    3 Quotes

  40. ...and we now have a @metasploit exploit module in the pull queue for the FortiManager vuln (CVE-2024-47575): https://t.co/dg1wMJLCuE https://t.co/adGGtLS0Hb

    @stephenfewer

    15 Nov 2024

    19121 Impressions

    62 Retweets

    200 Likes

    77 Bookmarks

    4 Replies

    2 Quotes

  41. GitHub - watchtowrlabs/Fortijump-Exploit-CVE-2024-47575: Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575 https://t.co/FHz2FHTXN5

    @akaclandestine

    15 Nov 2024

    759 Impressions

    6 Retweets

    8 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  42. Kritieke kwetsbaarheid ontdekt in fortimanager: wat u moet weten https://t.co/znSbjUBOlG #CVE-2024-47575 #FortiManager kwetsbaarheid #Cyberbeveiliging #Fortinet #Software update #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Kritieke kwetsbaarheid in fortimanager ontdekt: urgente beveiligingsupdate vereist https://t.co/eXPuCFksjL #CVE-2024-47575 #FortiManager kwetsbaarheid #Fortinet beveiligingsupdate #kritieke cyberbeveiliging #netwerkbeveiliging #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Nov 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Kritieke fortinet fortimanager kwetsbaarheid ontdekt: wat u moet weten https://t.co/9smW2mpsCa #Fortinet FortiManager kwetsbaarheid #CVE-2024-47575 #fortimanager beveiligingslek #kritieke cybersecurity bedreiging #fortimanager authenticatie fout #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Nov 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 https://t.co/X3wslAacax

    @tbbhunter

    15 Nov 2024

    737 Impressions

    0 Retweets

    10 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 【更新】Fortinet製FortiManagerにおける脆弱性(CVE-2024-47575)等に関する注意喚起を更新。本脆弱性の詳細を解説する情報や別の脆弱性が存在すると指摘する情報が確認されています。Fortinet等が公開する最新情報を元に、対策や調査実施をご検討ください。^KK https://t.co/Zgw0z5dptb

    @jpcert

    15 Nov 2024

    4866 Impressions

    10 Retweets

    22 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  47. CVE-2024-47575 Fortinet FortiManager RCE exp(FortiJump) https://t.co/HId9RlOJMC https://t.co/RakIp2Zitt

    @gov_hack

    15 Nov 2024

    794 Impressions

    2 Retweets

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575) 🛠 Afecta a Toda sus Versiones 🔗 Research: https://t.co/SPJFpwOUiX 🔗 Source: https://t.co/3WfY3QMrDS #fortinet #fortimanager #fgfm #unauth #rce https://t.co/m4NKhYBYBR

    @HackingTeam777

    14 Nov 2024

    9233 Impressions

    51 Retweets

    195 Likes

    104 Bookmarks

    0 Replies

    0 Quotes

  49. Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 https://t.co/54qWebqoRi

    @Dinosn

    14 Nov 2024

    1713 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  50. hop skip jump over to our latest blog post - analysing Fortinet's FortiJump CVE-2024-47575, FortiJump-Higher (we love this name😄) and beyond (PoC included) https://t.co/35Xg2OoKgP

    @watchtowrcyber

    14 Nov 2024

    21010 Impressions

    61 Retweets

    147 Likes

    56 Bookmarks

    6 Replies

    6 Quotes

Configurations

Related CVEs

  1. Citrix NetScaler Out-of-Bounds Read VulnerabilityCVE-2026-3055
  2. Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session MixupCVE-2026-4368
  3. An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.CVE-2026-22629
  4. An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.CVE-2026-22572
  5. A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow an attacker to escalate its privileges via specially crafted requests.CVE-2025-68648

References

Sources include official advisories and independent security research.