CVE-2025-31514
LOWFortiOS 6.4.0-7.6.3 and FortiProxy 7.0.0-7.6.3 - Sensitive Information Disclosure in Log Files
Title source: llmDescription
A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>
References (2)
Core 2
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-452
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Scores
CVSS v3
2.7
EPSS
0.0033
EPSS Percentile
24.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (17)
Fortinet/FortiOS
6.4.0 - 6.4.16
fortinet/fortios
6.4.0 - 7.6.4
Fortinet/FortiOS
7.0.0 - 7.0.18
Fortinet/FortiOS
7.0.0 - 7.0.19
Fortinet/FortiOS
7.2.0 - 7.2.12
Fortinet/FortiOS
7.2.0 - 7.2.13
Fortinet/FortiOS
7.4.0 - 7.4.11
Fortinet/FortiOS
7.4.0 - 7.4.9
Fortinet/FortiOS
7.6.0 - 7.6.2
Fortinet/FortiProxy
7.0.0 - 7.0.22
... and 7 more
Published
Oct 14, 2025
Tracked Since
Feb 18, 2026