CVE-2026-25815
published 2026-02-05


Priority: P276
Severity: low (CVSS 3.1 base score 3.2)
CVSS 3.1 vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
ITW: listed in VulnCheck KEV (exploited in the wild)
EPSS: 0.11% (1.3 percentile)
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not a default option.

Affected

1 range

Vendor     Product   Version range   Fixed in
fortinet   fortios   <= 7.6.6        (none listed)

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      3.2     LOW        CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
vulncheck   -         3.2     LOW        -