CVE-2025-54971

Published: Nov 18, 2025Modified: Nov 20, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product

Affected (1)

Products: Fortinet: Fortiadc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiadc	From 6.2.0 to 7.4.3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-686

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.