CVE-2025-46775

Summary

A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiExtender7.6.0 <= 7.6.1affected
FortinetFortiExtender7.4.0 <= 7.4.6affected
FortinetFortiExtender7.2.0 <= 7.2.5affected
FortinetFortiExtender7.0.0 <= 7.0.5affected

Weaknesses

  • CWE-1295: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References