CVE-2025-55717

Severity
4.0 MEDIUM
EPSS
0.0%
top 99.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 10

Description

A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Exploitability: 0.3 | Impact: 3.6

Affected Packages (6 packages)

NVD | fortinet/fortimail | 7.0.0 | 7.0.9 | +3
CVEListV5 | fortinet/fortimail | 7.6.0 | 7.6.2 | +3
NVD | fortinet/fortirecorder | 6.4.0 | 7.2.4
CVEListV5 | fortinet/fortirecorder | 7.2.0 | 7.2.3 | +2
NVD | fortinet/fortivoice | 7.0.0 | 7.0.7 | +1

🔴Vulnerability Details

2
GHSA
GHSA-2h2g-hg5x-83g2: A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7 (2026-03-10)
CVEList
CVE-2025-55717: A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7 (2026-03-10)

📋Vendor Advisories

1
Fortinet
Insecure Exposure of Plaintext Passwords in Debug Logs (2026-03-10)

🕵️Threat Intelligence

1
Wiz
CVE-2025-55717 Impact, Exploitability, and Mitigation Steps | Wiz