← Back

CVE-2025-55717

nvd nist
Published: Mar 10, 2026Modified: Mar 12, 2026

JSON object

Loading...
4.0
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Exploitability: 0.3 / Impact: 3.6
Source: NVD

Description

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

Affected (7)

Fortinet
3 products
Fortivoice
Fortirecorder
Fortimail
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortivoice
From 7.0.0 to 7.0.7
Fortivoice
Version 7.2.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fortirecorder
From 6.4.0 to 7.2.4
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortimail
From 7.0.0 to 7.0.9
Fortimail
From 7.2.0 to 7.2.8
Fortimail
From 7.4.0 to 7.4.5
Fortimail
From 7.6.0 to 7.6.3

Related CWEs

CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (1)

Source: psirt@fortinet.com
Vendor Advisory

Timeline

No history available yet.