CVE-2025-48418
Published: 10 March 2026
Summary
CVE-2025-48418 is a medium-severity Hidden Functionality (CWE-912) vulnerability in Fortinet Fortimanager. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-48418 is a hidden functionality vulnerability (CWE-912) affecting multiple versions of Fortinet FortiAnalyzer and FortiManager products, including both on-premises and Cloud deployments. Specifically, it impacts FortiAnalyzer 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, 7.0.0 through 7.0.14, and 6.4 all versions; FortiAnalyzer Cloud 7.6.2, 7.4.1 through 7.4.7, 7.2.1 through 7.2.10, 7.0.1 through 7.0.14, and 6.4 all versions; FortiManager 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10, 7.0.0 through 7.0.14, and 6.4 all versions; and FortiManager Cloud 7.6.2 through 7.6.3, 7.4.1 through 7.4.7, 7.2.1 through 7.2.10, 7.0.1 through 7.0.14, and 6.4 all versions. The vulnerability has a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
A remote authenticated read-only administrator with CLI access can exploit this vulnerability by using a hidden command to escalate privileges. The attack requires local access vectors as per the CVSS assessment, low complexity, high privileges for initial access, and no user interaction, potentially leading to high confidentiality, integrity, and availability impacts.
Fortinet's PSIRT advisory (FG-IR-26-081) provides details on mitigation and patching; security practitioners should consult this reference for specific remediation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208484
Vulnerability details
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer…
more
Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Hidden CLI command enables authenticated read-only admin to escalate privileges via direct exploitation of the backdoor functionality.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents a read-only admin from executing hidden commands that escalate privileges beyond the assigned role.
Enforces the intended access-control policy that should block unauthorized CLI commands for read-only administrators.
Requires disabling or removing non-essential/hidden functionality such as the undocumented privilege-escalation command.