CVE-2025-46777 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-46777

Analyzed

More Info Official Page

Source-psirt@fortinet.com

Published At-28 May, 2025 | 08:15

Updated At-04 Jun, 2025 | 15:37

A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	2.3	LOW	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary	3.1	2.7	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 2.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 2.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CPE Matches

>>fortiportal>>Versions from 7.0.0(inclusive) to 7.0.10(exclusive)

cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*

>>fortiportal>>Versions from 7.2.0(inclusive) to 7.2.6(exclusive)

cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*

>>fortiportal>>7.4.0

cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-532	Primary	psirt@fortinet.com

CWE ID: CWE-532

Type: Primary

Source: psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-380	psirt@fortinet.com	Vendor Advisory

Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-24-380

Source: psirt@fortinet.com

Resource:

Vendor Advisory