CVE-2025-31514

Summary

A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.6.0 <= 7.6.2affected
FortinetFortiOS7.4.0 <= 7.4.11affected
FortinetFortiOS7.2.0 <= 7.2.13affected
FortinetFortiOS7.0.0 <= 7.0.19affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiProxy7.6.0 <= 7.6.3affected
FortinetFortiProxy7.4.0 <= 7.4.13affected
FortinetFortiProxy7.2.0 <= 7.2.16affected
FortinetFortiProxy7.0.0 <= 7.0.23affected

Weaknesses

  • CWE-532: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References