CVE-2025-54971

CWE-200 — Information Exposure CWE-532 — Log File Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 81.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiadc

Timeline

PublishedNov 18

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDfortinet/fortiadc6.2.0 — 7.4.3

▶CVEListV5fortinet/fortiadc7.2.0 — 7.2.8+4

🔴Vulnerability Details

CVEList

CVE-2025-54971: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7↗2025-11-18

▶

GHSA

GHSA-vh9q-rgw5-3gqx: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7↗2025-11-18

▶

📋Vendor Advisories

Fortinet

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all...↗2025-11-18

▶