CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-68649

unknowncovered by 1 sourcefirst seen 2026-04-14
CVSSv3 Score: 5.4 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
Privileged attackers may delete files from the filesystem via crafted CLI requests.
Who is affected
Privileged users of the specified Fortinet products.
Urgency
Remediation is important to prevent unauthorized file deletion.
Action
Review and restrict CLI access permissions.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-68649

Get an email if CVE-2025-68649 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-68649

CVE.org record

Embed the live status

CVE-2025-68649 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-68649 status](https://www.csirts.com/badge/CVE-2025-68649)](https://www.csirts.com/cve/CVE-2025-68649)