A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fortinet Subscribe
Fortimail Subscribe
Fortirecorder Subscribe
Fortivoice Subscribe

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade to FortiVoice version 7.2.1 or above Upgrade to FortiVoice version 7.0.7 or above Upgrade to FortiMail version 7.6.3 or above Upgrade to FortiMail version 7.4.5 or above Upgrade to FortiMail version 7.2.8 or above Upgrade to FortiMail version 7.0.9 or above Upgrade to FortiRecorder version 7.2.4 or above

Workaround

No workaround given by the vendor.

References
Link Providers
https://fortiguard.fortinet.com/psirt/FG-IR-26-080 cve-icon cve-icon
History

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Description A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
First Time appeared Fortinet
Fortinet fortimail
Fortinet fortirecorder
Fortinet fortivoice
Weaknesses CWE-312
CPEs cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortimail
Fortinet fortirecorder
Fortinet fortivoice
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-03-10T16:44:08.324Z

Reserved: 2025-08-14T12:37:31.087Z

Link: CVE-2025-55717

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-10T18:17:58.543

Modified: 2026-03-10T18:17:58.543

Link: CVE-2025-55717

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses