Fortinet FortiOS up to 7.6.1 HTTP information disclosure

Summaryinfo

A vulnerability was found in Fortinet FortiOS up to 6.4.16/7.0.19/7.2.13/7.4.6/7.6.1. It has been declared as problematic. This affects an unknown part of the component HTTP Handler. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2025-68686. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic has been found in Fortinet FortiOS up to 6.4.16/7.0.19/7.2.13/7.4.6/7.6.1. Affected is some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. CVE summarizes:

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.

The advisory is shared for download at fortiguard.fortinet.com. This vulnerability is traded as CVE-2025-68686 since 12/23/2025. The exploitability is told to be difficult. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

It is declared as attacked.

Upgrading to version 7.4.7 or 7.6.2 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Zero-Day.cz (1068). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Fortinet

Name

• FortiOS

Version

• 6.4.0
• 6.4.1
• 6.4.2
• 6.4.3
• 6.4.4
• 6.4.5
• 6.4.6
• 6.4.7
• 6.4.8
• 6.4.9
• 6.4.10
• 6.4.11
• 6.4.12
• 6.4.13
• 6.4.14
• 6.4.15
• 6.4.16
• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.7
• 7.0.8
• 7.0.9
• 7.0.10
• 7.0.11
• 7.0.12
• 7.0.13
• 7.0.14
• 7.0.15
• 7.0.16
• 7.0.17
• 7.0.18
• 7.0.19
• 7.2.0
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.4
• 7.2.5
• 7.2.6
• 7.2.7
• 7.2.8
• 7.2.9
• 7.2.10
• 7.2.11
• 7.2.12
• 7.2.13
• 7.4.0
• 7.4.1
• 7.4.2
• 7.4.3
• 7.4.4
• 7.4.5
• 7.4.6
• 7.6.0
• 7.6.1

License

• commercial

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion