Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 11, 2026

CVE-2025-68686

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.

Affected products

Fortinet/Fortiosv52 versions
cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*range: 7.6.0
- (no CPE)range: 7.6.0-7.6.1, 7.4.0-7.4.6, 7.2.*, 7.0.*, 6.4.*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-934mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000