CVE-2025-46777

Published: May 28, 2025Modified: Jun 4, 2025

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.

Affected (3)

Products: Fortinet: Fortiportal

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiportal	From 7.0.0 to 7.0.10
Fortinet Fortiportal	From 7.2.0 to 7.2.6
Fortinet Fortiportal	Version 7.4.0

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-380

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.