- Description
- An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortios
CVSS 3.1
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@fortinet.com
- CWE-200
- Hype score
- Not currently trending
استغلال ثغرات أمنية في أجهزة FortiGate لإنشاء روابط رمزية خبيثة تمنح المهاجمين وصولاً مستمراً للقراءة فقط إلى ملفات النظام، حتى بعد سد ثغرات الاختراق، وفق @For
@cyberscastx
15 Mar 2026
605 Impressions
1 Retweet
2 Likes
2 Bookmarks
1 Reply
0 Quotes
『allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests.』 CVE-2025-68686 FortiOS SSL-VPN SSL-VPN Symlink Persistence Patch Bypass https://t.co/obE2kEzSJw
@autumn_good_35
13 Feb 2026
305 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74C354FE-3415-4844-A89C-A163BC265D71",
"versionEndExcluding": "7.4.7",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8563B77B-03AB-4ED2-BE70-DCF636FE0B60",
"versionEndExcluding": "7.6.2",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]