Fortivoice
CVE-2025-55717
MEDIUM
Severity by source
AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
AnalysisAI
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited ...
Technical ContextAI
This vulnerability (CWE-312: Cleartext Storage of Sensitive Information) affects Fortivoice. A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by
RemediationAI
Monitor vendor advisories for a patch.
More in Fortivoice
View allArbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traver
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 an
Privilege escalation via path traversal affects multiple Fortinet appliances - FortiWeb (6.4, 7.0, 7.2, 7.4.0-7.4.4, 7.6
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiV
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS versio
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allo
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEn
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS versi
A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison we
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS versio
An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerabi
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allShare
External POC / Exploit Code
Leaving vuln.today