PT-2026-24235 · Fortinet · Fortimail+2
Published: 2026-03-10 · Updated: 2026-03-18
CVE-2025-55717
CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiMail versions 7.0.0 through 7.6.2
Fortinet FortiRecorder versions 6.4 and 7.0 through 7.2.3
Fortinet FortiVoice versions 7.0.0 through 7.2.0
Description
A cleartext storage of sensitive information issue [CWE-312] exists in the software. An authenticated malicious administrator may be able to obtain user secrets via Command Line Interface (CLI) commands. The practical exploitability of this issue is limited as an attacker must first log in to the targeted device.
Recommendations
Fortinet FortiMail versions 7.0.0 through 7.6.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Fortinet FortiRecorder versions 6.4 and 7.0 through 7.2.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Fortinet FortiVoice versions 7.0.0 through 7.2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Fortimail
Fortirecorder
Fortivoice