CVE-2025-59921

CWE-200Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 41.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiadc
Timeline
PublishedOct 14

Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiadc6.2.07.1.5+2
CVEListV5fortinet/fortiadc7.2.07.2.3+4

🔴Vulnerability Details

2
CVEList
CVE-2025-59921: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 72025-10-14
GHSA
GHSA-957v-4339-m5w7: An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 72025-10-14

📋Vendor Advisories

1
Fortinet
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0...2025-10-14
CVE-2025-59921 (MEDIUM CVSS 6.5) | An exposure of sensitive informatio | cvebase.io