CVE-2025-54971

Summary

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.4.0affected
FortinetFortiADC7.2.0 <= 7.2.8affected
FortinetFortiADC7.1.0 <= 7.1.5affected
FortinetFortiADC7.0.0 <= 7.0.6affected
FortinetFortiADC6.2.0 <= 6.2.6affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References