Vulnerability-Lookup

CVE-2025-55717 (GCVE-0-2025-55717)

Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-10 20:32

Summary

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

Severity ?

3.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

CWE

CWE-312 - Information disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-26-080

Impacted products

Vendor

Product

Version

Fortinet

FortiVoice

Affected: 7.2.0
Affected: 7.0.0 , ≤ 7.0.6 (semver)
    cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*

	Fortinet	FortiMail	Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.4.0 , ≤ 7.4.4 (semver) Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.0.0 , ≤ 7.0.8 (semver) cpe:2.3:a:fortinet:fortimail:7.6.2:::::::* cpe:2.3:a:fortinet:fortimail:7.6.1:::::::* cpe:2.3:a:fortinet:fortimail:7.6.0:::::::* cpe:2.3:a:fortinet:fortimail:7.4.4:::::::* cpe:2.3:a:fortinet:fortimail:7.4.3:::::::* cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.7:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::*
	Fortinet	FortiRecorder	Affected: 7.2.0 , ≤ 7.2.3 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.4.0 , ≤ 6.4.6 (semver) cpe:2.3:a:fortinet:fortirecorder:7.2.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.0:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.6:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.5:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.4:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.0:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.6:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.5:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.4:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.3:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.1:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55717",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T20:29:35.564450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T20:32:47.413Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.6",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user\u0027s secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T16:44:08.324Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above\nUpgrade to FortiRecorder version 7.2.4 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-55717",
    "datePublished": "2026-03-10T16:44:08.324Z",
    "dateReserved": "2025-08-14T12:37:31.087Z",
    "dateUpdated": "2026-03-10T20:32:47.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-55717\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2026-03-10T18:17:58.543\",\"lastModified\":\"2026-03-12T20:39:40.843\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user\u0027s secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de almacenamiento de informaci\u00f3n sensible en texto claro [CWE-312] vulnerabilidad en Fortinet FortiMail 7.6.0 hasta 7.6.2, FortiMail 7.4.0 hasta 7.4.4, FortiMail 7.2.0 hasta 7.2.7, FortiMail 7.0.0 hasta 7.0.8, FortiRecorder 7.2.0 hasta 7.2.3, FortiRecorder 7.0 todas las versiones, FortiRecorder 6.4 todas las versiones, FortiVoice 7.2.0, FortiVoice 7.0.0 hasta 7.0.6 puede permitir a un administrador malicioso autenticado obtener los secretos del usuario a trav\u00e9s de comandos CLI. La explotabilidad pr\u00e1ctica est\u00e1 limitada por condiciones fuera del control del atacante: Un administrador debe iniciar sesi\u00f3n en el dispositivo objetivo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.3,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.3,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.7\",\"matchCriteriaId\":\"58472BB4-2426-44B5-8D17-9C984EA567EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76B48D4B-338A-4CEB-8712-6D880FF0F034\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"7.2.4\",\"matchCriteriaId\":\"858BA90E-F4C0-44D3-B453-FBCAC8848BAB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.9\",\"matchCriteriaId\":\"F05ACB93-42BC-43CD-845F-35FA9FE1D92D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.8\",\"matchCriteriaId\":\"8395970D-F937-4D1C-9FE1-90348F33FA94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.5\",\"matchCriteriaId\":\"3A40DE6A-D852-4B7E-BA67-B5DBBB3D427C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0\",\"versionEndExcluding\":\"7.6.3\",\"matchCriteriaId\":\"F2F1655C-A21F-4FD3-875C-4E1DD8A7E178\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-26-080\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55717\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T20:29:35.564450Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T20:30:10.910Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiVoice\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.6\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiMail\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.6.2\"}, {\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.4\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.7\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.8\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiRecorder\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.3\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.6\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.6\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to FortiVoice version 7.2.1 or above\\nUpgrade to FortiVoice version 7.0.7 or above\\nUpgrade to FortiMail version 7.6.3 or above\\nUpgrade to FortiMail version 7.4.5 or above\\nUpgrade to FortiMail version 7.2.8 or above\\nUpgrade to FortiMail version 7.0.9 or above\\nUpgrade to FortiRecorder version 7.2.4 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-26-080\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-26-080\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user\u0027s secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-312\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2026-03-10T16:44:08.324Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-55717\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T20:32:47.413Z\", \"dateReserved\": \"2025-08-14T12:37:31.087Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2026-03-10T16:44:08.324Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-55717

Vulnerability from fkie_nvd - Published: 2026-03-10 18:17 - Updated: 2026-03-12 20:39

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-26-080	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortivoice	*
fortinet	fortivoice	7.2.0
fortinet	fortirecorder	*
fortinet	fortimail	*
fortinet	fortimail	*
fortinet	fortimail	*
fortinet	fortimail	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58472BB4-2426-44B5-8D17-9C984EA567EB",
              "versionEndExcluding": "7.0.7",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76B48D4B-338A-4CEB-8712-6D880FF0F034",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "858BA90E-F4C0-44D3-B453-FBCAC8848BAB",
              "versionEndExcluding": "7.2.4",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05ACB93-42BC-43CD-845F-35FA9FE1D92D",
              "versionEndExcluding": "7.0.9",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8395970D-F937-4D1C-9FE1-90348F33FA94",
              "versionEndExcluding": "7.2.8",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A40DE6A-D852-4B7E-BA67-B5DBBB3D427C",
              "versionEndExcluding": "7.4.5",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F1655C-A21F-4FD3-875C-4E1DD8A7E178",
              "versionEndExcluding": "7.6.3",
              "versionStartIncluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user\u0027s secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de almacenamiento de informaci\u00f3n sensible en texto claro [CWE-312] vulnerabilidad en Fortinet FortiMail 7.6.0 hasta 7.6.2, FortiMail 7.4.0 hasta 7.4.4, FortiMail 7.2.0 hasta 7.2.7, FortiMail 7.0.0 hasta 7.0.8, FortiRecorder 7.2.0 hasta 7.2.3, FortiRecorder 7.0 todas las versiones, FortiRecorder 6.4 todas las versiones, FortiVoice 7.2.0, FortiVoice 7.0.0 hasta 7.0.6 puede permitir a un administrador malicioso autenticado obtener los secretos del usuario a trav\u00e9s de comandos CLI. La explotabilidad pr\u00e1ctica est\u00e1 limitada por condiciones fuera del control del atacante: Un administrador debe iniciar sesi\u00f3n en el dispositivo objetivo."
    }
  ],
  "id": "CVE-2025-55717",
  "lastModified": "2026-03-12T20:39:40.843",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 3.6,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-10T18:17:58.543",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

GHSA-2H2G-HG5X-83G2

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31

Details

Severity ?

4.0 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-55717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:17:58Z",
    "severity": "MODERATE"
  },
  "details": "A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user\u0027s secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.",
  "id": "GHSA-2h2g-hg5x-83g2",
  "modified": "2026-03-10T18:31:18Z",
  "published": "2026-03-10T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55717"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2026-AVI-0265

Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

Concernant la vulnérabilité CVE-2025-66178, l'éditeur fournit certaines recommandations dans l'attente de la version correctrice.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientLinux versions 7.4.x antérieures à 7.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.6.x antérieures à 7.6.1
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.2.13
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.6.5
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.6.5
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet	FortiDeceptor	FortiDeceptor toutes versions antérieures à 6.2.1
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.6.5
Fortinet	FortiSOAR	FortiSOAR Agent Communication Bridge versions antérieures à 1.1.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.7
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSIEM	FortiSIEM versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.5
Fortinet	FortiWeb	FortiWeb versions 8.0.x antérieures à 8.0.4
Fortinet	FortiRecorder	FortiRecorder toutes versions antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.5
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiSwitch	FortiSwitchAXFixed versions 1.0.x antérieures à 1.0.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.6.5
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-26-078	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-096	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-098	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-080	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-088	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-094	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-092	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-090	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-081	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-095	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-093	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-083	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-087	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-079	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-086	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-077	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-082	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-097	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-085	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-091	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-089	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-084	2026-03-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientLinux versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor toutes versions ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR Agent Communication Bridge versions ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder toutes versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchAXFixed versions 1.0.x ant\u00e9rieures \u00e0 1.0.2",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-30897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-30897"
    },
    {
      "name": "CVE-2025-53608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53608"
    },
    {
      "name": "CVE-2026-24017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24017"
    },
    {
      "name": "CVE-2025-68648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68648"
    },
    {
      "name": "CVE-2026-24640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24640"
    },
    {
      "name": "CVE-2026-22572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22572"
    },
    {
      "name": "CVE-2025-48418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48418"
    },
    {
      "name": "CVE-2025-48840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48840"
    },
    {
      "name": "CVE-2026-24641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24641"
    },
    {
      "name": "CVE-2026-22627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22627"
    },
    {
      "name": "CVE-2025-55717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55717"
    },
    {
      "name": "CVE-2026-24018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24018"
    },
    {
      "name": "CVE-2025-54820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54820"
    },
    {
      "name": "CVE-2025-49784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49784"
    },
    {
      "name": "CVE-2026-22629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22629"
    },
    {
      "name": "CVE-2025-66178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66178"
    },
    {
      "name": "CVE-2026-25689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25689"
    },
    {
      "name": "CVE-2026-25972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25972"
    },
    {
      "name": "CVE-2025-54659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54659"
    },
    {
      "name": "CVE-2025-68482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68482"
    },
    {
      "name": "CVE-2026-22628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22628"
    },
    {
      "name": "CVE-2026-25836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25836"
    }
  ],
  "initial_release_date": "2026-03-11T00:00:00",
  "last_revision_date": "2026-03-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nConcernant la vuln\u00e9rabilit\u00e9 CVE-2025-66178, l\u0027\u00e9diteur fournit certaines recommandations dans l\u0027attente de la version correctrice.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-078"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-096",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-096"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-098",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-098"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-080",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-080"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-088",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-088"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-094"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-092",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-092"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-090",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-090"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-081",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-081"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-095",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-095"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-093",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-093"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-083",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-083"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-087",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-087"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-079",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-079"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-086"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-077",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-077"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-082",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-082"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-097"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-085",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-085"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-091"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-089",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-089"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-084",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-084"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-55717 (GCVE-0-2025-55717)

FKIE_CVE-2025-55717

GHSA-2H2G-HG5X-83G2

CERTFR-2026-AVI-0265

Solutions

Tags

Sightings

Nomenclature