Cyber Resilience

CVE-2025-48418

Medium

Published: 10 March 2026

Published
10 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score v3.1 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 28.9th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-48418 is a medium-severity Hidden Functionality (CWE-912) vulnerability in Fortinet Fortimanager. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-48418 is a hidden functionality vulnerability (CWE-912) affecting multiple versions of Fortinet FortiAnalyzer and FortiManager products, including both on-premises and Cloud deployments. Specifically, it impacts FortiAnalyzer 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, 7.0.0 through 7.0.14, and 6.4 all versions; FortiAnalyzer Cloud 7.6.2, 7.4.1 through 7.4.7, 7.2.1 through 7.2.10, 7.0.1 through 7.0.14, and 6.4 all versions; FortiManager 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, 7.0.0 through 7.0.14, and 6.4 all versions; and FortiManager Cloud 7.6.2 through 7.6.3, 7.4.1 through 7.4.7, 7.2.1 through 7.2.10, 7.0.1 through 7.0.14, and 6.4 all versions. The vulnerability has a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

A remote authenticated read-only administrator with CLI access can exploit this vulnerability by using a hidden command to escalate privileges. The attack requires local access vectors as per the CVSS assessment, low complexity, high privileges for initial access, and no user interaction, potentially leading to high confidentiality, integrity, and availability impacts.

Fortinet's PSIRT advisory (FG-IR-26-081) provides details on mitigation and patching; security practitioners should consult this reference for specific remediation steps.

EU & UK References

Vulnerability details

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer…

more

Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Hidden CLI command enables authenticated read-only admin to escalate privileges via direct exploitation of the backdoor functionality.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-35273Same product: Fortinet Fortianalyzer
CVE-2024-35275Same product: Fortinet Fortianalyzer
CVE-2025-68648Same product: Fortinet Fortianalyzer
CVE-2024-33503Same product: Fortinet Fortianalyzer
CVE-2024-45331Same product: Fortinet Fortianalyzer
CVE-2024-50563Same product: Fortinet Fortianalyzer
CVE-2024-35276Same product: Fortinet Fortianalyzer
CVE-2025-61848Same product: Fortinet Fortianalyzer
CVE-2024-46662Same product: Fortinet Fortimanager
CVE-2024-40584Same product: Fortinet Fortianalyzer

Affected Assets

fortinet
fortimanager
6.4.0 — 7.0.15 · 7.2.0 — 7.2.11 · 7.4.0 — 7.4.8
fortinet
fortimanager cloud
6.4.1 — 7.0.15 · 7.2.1 — 7.2.11 · 7.4.1 — 7.4.8
fortinet
fortianalyzer
6.4.0 — 7.0.15 · 7.2.0 — 7.2.11 · 7.4.0 — 7.4.8
fortinet
fortianalyzer cloud
7.6.2 · 6.4.1 — 7.0.15 · 7.2.1 — 7.2.11 · 7.4.1 — 7.4.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents a read-only admin from executing hidden commands that escalate privileges beyond the assigned role.

prevent

Enforces the intended access-control policy that should block unauthorized CLI commands for read-only administrators.

prevent

Requires disabling or removing non-essential/hidden functionality such as the undocumented privilege-escalation command.

References