Description
A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-25-160
Scores
CVSS v3
4.4
EPSS
0.0015
EPSS Percentile
4.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (1)
fortinet/fortidlp_agent
11.4.5 - 12.0.5
Published
Oct 16, 2025
Tracked Since
Feb 18, 2026