Main Vulnerability Database Vulnerabilities #VU118601

Insufficiently protected credentials in FortiExtender - CVE-2025-46775

Published: November 18, 2025

Vulnerability identifier: #VU118601

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-46775

CWE-ID: CWE-522

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiExtender

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to insufficiently protected credentials. An authenticated user can obtain administrator credentials via debug log commands.

How to mitigate CVE-2025-46775

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-25-259

Insufficiently protected credentials in FortiExtender - CVE-2025-46775

Detailed vulnerability description

How to mitigate CVE-2025-46775

Sources

Please verify you're human