CVE-2025-55717

medium

Fortinet

CVSS v3 Base Score

4.0

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.0%

Exploitation probability in 30 days

Top 99% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Confidentiality

High

Integrity

None

Availability

None

Published: March 10, 2026 (64 days ago)

Last Modified: March 12, 2026

Vendor: Fortinet

Source: NVD

Description

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

CWE

CWE-312

Affected Products

fortinet fortivoicefortinet fortirecorderfortinet fortimail

References

🔗 fortiguard.fortinet.com

CVE-2025-55717

Vulnerability Report

Description

CWE

Affected Products

References