7.2
CVE-2025-48418
- EPSS 0.1%
- Published 10.03.2026 16:44:17
- Last modified 12.03.2026 21:21:55
- Source psirt@fortinet.com
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.
Linked by AI from unstructured data to existing CPEs in the NVD
Data provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortimanager Version >= 6.4.0 < 7.0.15
Fortinet ≫ Fortimanager Version >= 7.2.0 < 7.2.11
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.8
Fortinet ≫ Fortimanager Version >= 7.6.0 < 7.6.4
Fortinet ≫ Fortimanager Cloud Version >= 6.4.1 < 7.0.15
Fortinet ≫ Fortimanager Cloud Version >= 7.2.1 < 7.2.11
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.8
Fortinet ≫ Fortimanager Cloud Version >= 7.6.2 < 7.6.4
Fortinet ≫ Fortianalyzer Version >= 6.4.0 < 7.0.15
Fortinet ≫ Fortianalyzer Version >= 7.2.0 < 7.2.11
Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.8
Fortinet ≫ Fortianalyzer Version >= 7.6.0 < 7.6.4
Fortinet ≫ Fortianalyzer Cloud Version >= 6.4.1 < 7.0.15
Fortinet ≫ Fortianalyzer Cloud Version >= 7.2.1 < 7.2.11
Fortinet ≫ Fortianalyzer Cloud Version >= 7.4.1 < 7.4.8
Fortinet ≫ Fortianalyzer Cloud Version 7.6.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.266 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| psirt@fortinet.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-912 Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.