Main Vulnerability Database Vulnerabilities #VU123715

#VU123715 Cleartext storage of sensitive information in Fortinet, Inc products - CVE-2025-55717

Published: March 10, 2026

Vulnerability identifier: #VU123715

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-55717

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FortiMail
FortiRecorder
FortiVoice

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in Debug Logs. An authenticated malicious administrator can obtain user's secrets via CLI commands.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-26-080

#VU123715 Cleartext storage of sensitive information in Fortinet, Inc products - CVE-2025-55717

Description

Remediation

External links

Please verify you're human