CVE-2025-55717

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-26-080	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice:7.2.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::

History

No history.

Information

Published : 2026-03-10 18:17

Updated : 2026-03-12 20:39

NVD link : CVE-2025-55717

Mitre link : CVE-2025-55717

CVE.ORG link : CVE-2025-55717

JSON object : View

Products Affected

fortinet

fortirecorder
fortivoice
fortimail

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2025-55717", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.3}]}, "published": "2026-03-10T18:17:58.543", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device."}, {"lang": "es", "value": "Una vulnerabilidad de almacenamiento de informaci\u00f3n sensible en texto claro [CWE-312] vulnerabilidad en Fortinet FortiMail 7.6.0 hasta 7.6.2, FortiMail 7.4.0 hasta 7.4.4, FortiMail 7.2.0 hasta 7.2.7, FortiMail 7.0.0 hasta 7.0.8, FortiRecorder 7.2.0 hasta 7.2.3, FortiRecorder 7.0 todas las versiones, FortiRecorder 6.4 todas las versiones, FortiVoice 7.2.0, FortiVoice 7.0.0 hasta 7.0.6 puede permitir a un administrador malicioso autenticado obtener los secretos del usuario a trav\u00e9s de comandos CLI. La explotabilidad pr\u00e1ctica est\u00e1 limitada por condiciones fuera del control del atacante: Un administrador debe iniciar sesi\u00f3n en el dispositivo objetivo."}], "lastModified": "2026-03-12T20:39:40.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58472BB4-2426-44B5-8D17-9C984EA567EB", "versionEndExcluding": "7.0.7", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76B48D4B-338A-4CEB-8712-6D880FF0F034"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "858BA90E-F4C0-44D3-B453-FBCAC8848BAB", "versionEndExcluding": "7.2.4", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05ACB93-42BC-43CD-845F-35FA9FE1D92D", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8395970D-F937-4D1C-9FE1-90348F33FA94", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A40DE6A-D852-4B7E-BA67-B5DBBB3D427C", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2F1655C-A21F-4FD3-875C-4E1DD8A7E178", "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}