CVE-2025-46775

CWE-1295 | 4 documents | 4 sources
Severity: 5.5 MEDIUM
EPSS: 0.0% (top 93.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 18

Description

A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | fortinet/fortiextender_firmware | 7.0.0 | 7.4.8 | +1
CVEListV5 | fortinet/fortiextender | 7.6.0 | 7.6.1 | +3

Vulnerability Details (2)

CVEList | CVE-2025-46775: A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7 | 2025-11-18
GHSA | GHSA-6vg5-gh5c-gr5c: A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7 | 2025-11-18

Vendor Advisories (1)

Fortinet | Credential leakage through debug commands | 2025-11-18
CVE-2025-46775 (MEDIUM CVSS 5.5) | A debug messages revealing unnecess | cvebase.io