CVE-2025-55717

{"id": "CVE-2025-55717", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.3}]}, "published": "2026-03-10T18:17:58.543", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device."}, {"lang": "es", "value": "Una vulnerabilidad de almacenamiento de informaci\u00f3n sensible en texto claro [CWE-312] vulnerabilidad en Fortinet FortiMail 7.6.0 hasta 7.6.2, FortiMail 7.4.0 hasta 7.4.4, FortiMail 7.2.0 hasta 7.2.7, FortiMail 7.0.0 hasta 7.0.8, FortiRecorder 7.2.0 hasta 7.2.3, FortiRecorder 7.0 todas las versiones, FortiRecorder 6.4 todas las versiones, FortiVoice 7.2.0, FortiVoice 7.0.0 hasta 7.0.6 puede permitir a un administrador malicioso autenticado obtener los secretos del usuario a trav\u00e9s de comandos CLI. La explotabilidad pr\u00e1ctica est\u00e1 limitada por condiciones fuera del control del atacante: Un administrador debe iniciar sesi\u00f3n en el dispositivo objetivo."}], "lastModified": "2026-03-12T20:39:40.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58472BB4-2426-44B5-8D17-9C984EA567EB", "versionEndExcluding": "7.0.7", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76B48D4B-338A-4CEB-8712-6D880FF0F034"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "858BA90E-F4C0-44D3-B453-FBCAC8848BAB", "versionEndExcluding": "7.2.4", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05ACB93-42BC-43CD-845F-35FA9FE1D92D", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8395970D-F937-4D1C-9FE1-90348F33FA94", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A40DE6A-D852-4B7E-BA67-B5DBBB3D427C", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2F1655C-A21F-4FD3-875C-4E1DD8A7E178", "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}