Vulnerability Description
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortivoice | >= 7.0.0, < 7.0.7 |
| Fortinet | Fortirecorder | >= 6.4.0, < 7.2.4 |
| Fortinet | Fortimail | >= 7.0.0, < 7.0.9 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-26-080Vendor Advisory
FAQ
What is CVE-2025-55717?
CVE-2025-55717 is a vulnerability with a CVSS score of 4.0 (MEDIUM). A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7....
How severe is CVE-2025-55717?
CVE-2025-55717 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55717?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortivoice, Fortinet Fortirecorder, Fortinet Fortimail.