Main Vulnerability Database Vulnerabilities #VU123715

Cleartext storage of sensitive information in Fortinet, Inc products - CVE-2025-55717

Published: March 10, 2026

Vulnerability identifier: #VU123715

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-55717

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiMail
FortiRecorder
FortiVoice

Detailed vulnerability description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in Debug Logs. An authenticated malicious administrator can obtain user's secrets via CLI commands.

How to mitigate CVE-2025-55717

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-26-080

Cleartext storage of sensitive information in Fortinet, Inc products - CVE-2025-55717

Detailed vulnerability description

How to mitigate CVE-2025-55717

Sources

Please verify you're human