Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiPortal Key Management Vulnerability Allowing Private Key Retrieval

Vulnerability

A vulnerability allowing the retrieval of a certificate's private key through the admin shell has been identified in multiple Fortinet products, including FortiAnalyzer, FortiManager, FortiOS, and FortiPortal. It affects several versions of each product and stems from key management errors that may allow an authenticated administrator to read private keys the shell is not intended to expose.

Impact

Exploitation of this vulnerability could lead to improper access control, allowing an authenticated administrator to retrieve private keys they are not authorized to access.

Remediation

Upgrade FortiAnalyzer to version 7.4.3 or above or 7.2.6 or above, and FortiManager to version 7.4.3 or above or 7.2.6 or above, according to the branch in use. FortiOS users should upgrade to version 7.6.1 or above, 7.4.5 or above, 7.2.8 or above, or 7.0.15 or above, again according to the branch in use. FortiPortal users should migrate to a fixed release.
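The fixed releases above are listed per product and per release branch, so an inventory check has to compare a running build against the fixed release of its own branch rather than against a single number. The script below is an added example, not Fortinet's own tooling: the FIXED table is transcribed from the remediation text, the branch-matching rule (a build is judged by the fixed release of its major.minor branch) and the "unknown" handling for FortiPortal and for branches the advisory does not mention are assumptions, and the inventory is constructed sample data.

```python
"""Check running Fortinet builds against the fixed versions listed in this
advisory.  Added example, not Fortinet's own tooling; the FIXED table is
transcribed from the remediation text, and the branch-matching rule is an
assumption made for this example.
"""
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Fixed releases per product and per major.minor branch, transcribed from the
# advisory.  FortiPortal has no fixed version listed ("migrate to a fixed
# release"), so every FortiPortal branch is reported as "unknown", not "fixed".
FIXED = {
    "FortiAnalyzer": {(7, 4): (7, 4, 3), (7, 2): (7, 2, 6)},
    "FortiManager":  {(7, 4): (7, 4, 3), (7, 2): (7, 2, 6)},
    "FortiOS":       {(7, 6): (7, 6, 1), (7, 4): (7, 4, 5),
                      (7, 2): (7, 2, 8), (7, 0): (7, 0, 15)},
    "FortiPortal":   {},
}


def parse_version(text: str) -> Version:
    """Turn 'v7.4.2' or '7.4.2 build1234' into a numeric tuple (7, 4, 2)."""
    core = text.strip().lstrip("vV").split()[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(product: str, version_text: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_release_for_this_branch).

    status is one of:
      'fixed'    the build is at or above the fixed release of its branch
      'upgrade'  the build is on a branch with a fixed release but below it
      'unknown'  the advisory lists no fixed release for this product/branch
                 (FortiPortal, or a branch it does not mention); treat as
                 unresolved and consult the vendor advisory, never as safe
    """
    if product not in FIXED:
        raise ValueError(f"product not covered by this advisory: {product}")
    version = parse_version(version_text)
    branch = version[:2]                      # assumption: compare within branch
    fixed = FIXED[product].get(branch)
    if fixed is None:
        return "unknown", None
    fixed_text = ".".join(str(n) for n in fixed)
    # Tuple comparison is lexicographic, so (7, 4, 4) < (7, 4, 5) as intended.
    return ("fixed" if version >= fixed else "upgrade"), fixed_text


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("FortiOS", "7.4.4"), ("FortiOS", "v7.0.15 build0123"),
        ("FortiManager", "7.2.5"), ("FortiAnalyzer", "7.4.3"),
        ("FortiPortal", "7.2.0"), ("FortiOS", "6.4.14"),
    ]
    for product, ver in inventory:
        status, target = assess(product, ver)
        print(f"{product:14} {ver:22} {status:8} {target or '-'}")
```

Reporting "unknown" rather than "fixed" for anything the table does not cover is the important design choice: a branch absent from the remediation list (or a product with no fixed version stated) should surface for manual review instead of silently passing.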

Added: Dec 11, 2025, 3:20 PM
Updated: Dec 11, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.