PSIRT: Lack of TLS Certificate Validation during initial SSO Authentication

Summary
An improper certificate validation [CWE-295] vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential information via a man-in-the-middle [MiTM] attack.

Version           | Affected             | Solution
FortiAnalyzer 8.0 | Not affected         | Not Applicable
FortiAnalyzer 7.6 | 7.6.0 through 7.6.4  | Upgrade to 7.6.5 or above
FortiAnalyzer 7.4 | 7.4.0 through 7.4.8  | Upgrade to 7.4.9 or above
FortiAnalyzer 7.2 | 7.2 all versions     | Migrate to a fixed release
FortiAnalyzer 7.0 | 7.0 all versions     | Migrate to a fixed release
FortiAnalyzer 6.4 | 6.4 all versions     | Migrate to a fixed release
FortiManager 8.0  | Not affected         | Not Applicable
FortiManager 7.6  | 7.6.0 through 7.6.4  | Upgrade to 7.6.5 or above
FortiManager 7.4  | 7.4.0 through 7.4.8  | Upgrade to 7.4.9 or above
FortiManager 7.2  | 7.2 all versions     | Migrate to a fixed release
FortiManager 7.0  | 7.0 all versions     | Migrate to a fixed release
FortiManager 6.4  | 6.4 all versions     | Migrate to a fixed release

This vulnerability is only possible on initial registration with FortiCloud.

Acknowledgement
Fortinet is pleased to thank Konrad Porzezynski for reporting this vulnerability under responsible disclosure.

Timeline
2026-03-10: Initial publication

IR Number: FG-IR-26-078
Published Date: Mar 10, 2026
Component: GUI
Severity: Medium
CVSSv3 Score: 6.3
Impact: Information disclosure
CVE ID: CVE-2025-68482
Download: CVRF, CSAF
A CWE-295 improper certificate validation vulnerability (CVE-2025-68482, CVSSv3 6.3) in FortiManager and FortiAnalyzer GUI allows a remote unauthenticated attacker to perform a man-in-the-middle attack during initial FortiCloud registration, potentially leading to information disclosure. Affected versions are FortiManager/FortiAnalyzer 7.6.0-7.6.4, 7.4.0-7.4.8, and all versions of 7.2, 7.0, and 6.4. The solution is to upgrade to FortiManager/FortiAnalyzer 7.6.5 or 7.4.9 respectively, or migrate from other affected major releases to a fixed version.
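The advisory names the weakness class (CWE-295) but not how the FortiManager client was configured, so the following is an added illustration rather than Fortinet's code or anything taken from the advisory. It contrasts the general CWE-295 shape of a TLS client that skips chain and hostname validation with a hardened client context, adds an audit function a reviewer can run over a context to spot the weak settings, and shows a certificate-fingerprint check of the kind that is useful precisely on a first-contact registration call where no prior trust exists. All function names (weak_client_context, hardened_client_context, audit_context, fingerprint_matches) and the sample DER bytes are assumptions constructed for the example.

```python
import hashlib
import hmac
import ssl
from typing import List, Optional

# Added example, not Fortinet code: the CWE-295 pattern beside its hardened form,
# plus a fingerprint check for first-contact enrolment. All names are hypothetical.


def weak_client_context() -> ssl.SSLContext:
    """The CWE-295 shape: any certificate, for any name, completes the handshake.

    A man-in-the-middle holding a self-signed certificate is accepted and can read
    every byte the client sends. Shown for contrast only.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def hardened_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Client context that validates the chain against a trust store and the hostname."""
    # cafile=None loads the platform trust store; pass a private CA bundle to narrow trust.
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the reasons a context would accept a MiTM certificate (empty list if none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any chain, including self-signed, is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a certificate issued for another host is accepted")
    return findings


def sha256_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lower-case hex without separators."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_matches(der_cert: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of a presented certificate against an expected fingerprint.

    On a first registration call there is no established trust relationship, so the
    expected value is provisioned out of band (for example with the enrolment token).
    A MiTM certificate then fails even if it chains to a CA the client happens to trust.
    The DER bytes of the live peer come from sock.getpeercert(binary_form=True).
    """
    normalized = expected_hex.replace(":", "").lower()
    return hmac.compare_digest(sha256_fingerprint(der_cert), normalized)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or ["no findings"])
    # Constructed stand-in for DER bytes; not a real certificate.
    sample_der = b"\x30\x82\x01\x00" + b"constructed-not-a-real-certificate"
    expected = sha256_fingerprint(sample_der)
    print("pin matches:", fingerprint_matches(sample_der, expected))
```

The audit deliberately checks only the two settings that define CWE-295 for a client, chain validation and hostname matching, because either one alone being off is enough for an interposed certificate to be accepted. The fingerprint check complements rather than replaces chain validation: use it when the enrolment endpoint's certificate can be provisioned out of band, and rotate the pinned value with the server certificate.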