Main Vulnerability Database Vulnerabilities #VU118601

#VU118601 Insufficiently protected credentials in FortiExtender - CVE-2025-46775

Published: November 18, 2025

Vulnerability identifier: #VU118601

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-46775

CWE-ID: CWE-522

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FortiExtender

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to insufficiently protected credentials. An authenticated user can obtain administrator credentials via debug log commands.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-25-259

#VU118601 Insufficiently protected credentials in FortiExtender - CVE-2025-46775

Description

Remediation

External links

Please verify you're human