CVE-2025-61713

CWE-3164 documents4 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 99.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortipam
Timeline
PublishedNov 18

Description

A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NExploitability: 0.6 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortipam1.0.01.6.1
CVEListV5fortinet/fortipam1.5.01.5.1+6

🔴Vulnerability Details

2
GHSA
GHSA-r649-q23f-j395: A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 12025-11-18
CVEList
CVE-2025-61713: A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 12025-11-18

📋Vendor Advisories

1
Fortinet
A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5...2025-11-18
CVE-2025-61713 (MEDIUM CVSS 4.4) | A Cleartext Storage of Sensitive In | cvebase.io