CVE-2025-59921

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.4.0affected
FortinetFortiADC7.2.0 <= 7.2.3affected
FortinetFortiADC7.1.0 <= 7.1.4affected
FortinetFortiADC7.0.0 <= 7.0.6affected
FortinetFortiADC6.2.0 <= 6.2.6affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References