CVE-2025-55717

Summary

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiVoice7.2.0affected
FortinetFortiVoice7.0.0 <= 7.0.6affected
FortinetFortiMail7.6.0 <= 7.6.2affected
FortinetFortiMail7.4.0 <= 7.4.4affected
FortinetFortiMail7.2.0 <= 7.2.7affected
FortinetFortiMail7.0.0 <= 7.0.8affected
FortinetFortiRecorder7.2.0 <= 7.2.3affected
FortinetFortiRecorder7.0.0 <= 7.0.6affected
FortinetFortiRecorder6.4.0 <= 6.4.6affected

Weaknesses

  • CWE-312: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References