CVE-2025-55717

MEDIUM

Fortinet FortiMail/FortiRecorder/FortiVoice - Info Disclosure

Title source: llm

Description

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

References (1)

[Various Sources] https://fortiguard.fortinet.com/psirt/FG-IR-26-080

Scores

CVSS v3 4.0

EPSS 0.0001

EPSS Percentile 0.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (4)

fortinet/fortimail 7.0.0 - 7.0.9

fortinet/fortirecorder 6.4.0 - 7.2.4

fortinet/fortivoice 7.2.0

fortinet/fortivoice 7.0.0 - 7.0.7

Published Mar 10, 2026

Tracked Since Mar 11, 2026