CVE-2025-48418

🔶 medium

Summary

Description

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.

CVSS Score

6.7

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2026-03-10

First Seen: 2026-03-11

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.9% of all 326,604 vulnerabilities in our database.

#167,034

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Mar 11, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-03-12

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-912

📦 Affected Products 16

Vendor	Product	Status	Affected Versions
fortinet	fortianalyzer	Affected	> 6.4.0 < 7.0.15
fortinet	fortianalyzer	Affected	> 7.2.0 < 7.2.11
fortinet	fortianalyzer	Affected	> 7.4.0 < 7.4.8
fortinet	fortianalyzer	Affected	> 7.6.0 < 7.6.4
fortinet	fortimanager	Affected	> 6.4.0 < 7.0.15
fortinet	fortimanager	Affected	> 7.2.0 < 7.2.11
fortinet	fortimanager	Affected	> 7.4.0 < 7.4.8
fortinet	fortimanager	Affected	> 7.6.0 < 7.6.4
fortinet	fortimanager_cloud	Affected	> 6.4.1 < 7.0.15
fortinet	fortimanager_cloud	Affected	> 7.2.1 < 7.2.11
fortinet	fortimanager_cloud	Affected	> 7.4.1 < 7.4.8
fortinet	fortimanager_cloud	Affected	> 7.6.2 < 7.6.4
fortinet	fortianalyzer_cloud	Affected	> 6.4.1 < 7.0.15
fortinet	fortianalyzer_cloud	Affected	> 7.2.1 < 7.2.11
fortinet	fortianalyzer_cloud	Affected	> 7.4.1 < 7.4.8
fortinet	fortianalyzer_cloud	Affected	v7.6.2

Vendor

Product

Status

Affected Versions

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-67604	🔶 medium	5.3	0.1	A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0...	2026-05-12
CVE-2025-61848	⚠️ high	7.2	0.0	An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiA...	2026-04-14
CVE-2026-22828	⚠️ high	8.1	0.2	A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2...	2026-04-14
CVE-2025-49784	🔶 medium	6.0	0.0	An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiA...	2026-03-10
CVE-2025-68482	🔶 medium	6.9	0.0	A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 throu...	2026-03-10
CVE-2025-68648	⚠️ high	7.2	0.1	A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer ...	2026-03-10