CVE-2025-46775

CVSS 5.2 MEDIUM · EPSS 0.1% · CWE-1295
In short

FortiExtender devices expose administrator credentials through debug log messages that can be accessed by authenticated users. This allows someone with basic access to gain full administrative control of the device.

Technical detail

An authenticated attacker can extract administrator credentials from debug logs in affected FortiExtender versions (7.0 all versions, 7.2 all versions, 7.4.0 through 7.4.6, 7.6.0 through 7.6.1) via debug log commands. Valid user authentication is a precondition; successful exploitation results in privilege escalation to administrator level.
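The practical first step for a defender is to check an asset inventory against the affected version ranges listed above. The following is an added example, not code from the advisory or from Fortinet: it encodes the four ranges exactly as the page states them (two "all versions" minor lines and two bounded ranges), parses version strings as reported by a typical inventory export, and flags hosts that fall inside a listed range. Hostnames and version strings in the sample inventory are constructed for illustration.

```python
# Affected ranges as listed in the advisory. A bare (major, minor) prefix
# stands for "all versions" of that minor line.
AFFECTED_RANGES = [
    {"prefix": (7, 0)},                      # FortiExtender 7.0, all versions
    {"prefix": (7, 2)},                      # FortiExtender 7.2, all versions
    {"low": (7, 4, 0), "high": (7, 4, 6)},   # 7.4.0 through 7.4.6
    {"low": (7, 6, 0), "high": (7, 6, 1)},   # 7.6.0 through 7.6.1
]


def parse_version(s):
    """Parse 'X.Y' or 'X.Y.Z', tolerating a leading 'v' and a trailing
    build token such as '7.4.3 build1234'. Raises ValueError otherwise."""
    core = s.strip().lstrip("vV").split()[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True if the version lies inside one of the advisory's listed ranges.
    False means only 'not in a listed range', not 'confirmed fixed'."""
    v = parse_version(version)
    v3 = v + (0,) * (3 - len(v))   # treat '7.4' as 7.4.0 for range comparison
    for r in AFFECTED_RANGES:
        if "prefix" in r and v[:2] == r["prefix"]:
            return True
        if "low" in r and r["low"] <= v3 <= r["high"]:
            return True
    return False


def triage(inventory):
    """Given (hostname, version) pairs, return the ones needing attention.
    Unparseable versions are returned too, tagged for manual review, so a
    bad inventory field never silently drops a device from the list."""
    hits = []
    for host, ver in inventory:
        try:
            if is_affected(ver):
                hits.append((host, ver))
        except ValueError:
            hits.append((host, ver + " (unparseable; review manually)"))
    return hits


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("fex-branch-01", "7.4.2"),
    ("fex-branch-02", "v7.6.1 build0412"),
    ("fex-branch-03", "7.6.2"),
    ("fex-lab-01", "7.2.9"),
    ("fex-lab-02", "unknown"),
]

if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {ver}")
```

Because the advisory only enumerates affected ranges, a device outside them is reported as "not listed" rather than "fixed"; confirm the remediation target against the vendor's own advisory before closing the finding.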

Summary generated and translated by AI from the official description.
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C
Affected products
Fortinet · FortiExtender
