← Retour aux CVEs
CVE-2025-55717
MEDIUM4.0
Description
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
Details CVE
Score CVSS v3.14.0
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Vecteur d'attaqueLOCAL
ComplexiteHIGH
Privileges requisHIGH
Interaction utilisateurREQUIRED
Publie3/10/2026
Derniere modification3/12/2026
Sourcenvd
Observations honeypot0
Produits affectes
fortinet:fortimailfortinet:fortirecorderfortinet:fortivoice
Faiblesses (CWE)
CWE-312
References
https://fortiguard.fortinet.com/psirt/FG-IR-26-080(psirt@fortinet.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.