CVE-2025-55717

medium

Description

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-080

Details

Source: Mitre, NVD

Published: 2026-03-10

Updated: 2026-03-12

Risk Information

CVSS v2

Base Score: 3.7

Vector: CVSS2#AV:L/AC:H/Au:M/C:C/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00009

Detections

Analytics