CVE-2025-46777 (GCVE-0-2025-46777)
Vulnerability from cvelistv5
Published
2025-05-28 07:56
Modified
2025-05-28 13:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiPortal |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.5 Version: 7.0.0 ≤ 7.0.9 cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:30:18.489150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:30:23.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPortal",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T07:56:03.616Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiPortal version 7.4.2 or above \nPlease upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-46777",
"datePublished": "2025-05-28T07:56:03.616Z",
"dateReserved": "2025-04-29T08:42:13.449Z",
"dateUpdated": "2025-05-28T13:30:23.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-46777\",\"sourceIdentifier\":\"[email protected]\",\"published\":\"2025-05-28T08:15:22.443\",\"lastModified\":\"2025-06-04T15:37:37.577\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.\"},{\"lang\":\"es\",\"value\":\"La inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en las versiones 7.4.0, 7.2.0 a 7.2.5 y 7.0.0 a 7.0.9 de Fortinet FortiPortal puede permitir que un atacante autenticado con al menos permisos de administrador de solo lectura vea secretos cifrados a trav\u00e9s del registro del sistema de FortiPortal. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"[email protected]\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":1.4},{\"source\":\"[email protected]\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"[email protected]\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.10\",\"matchCriteriaId\":\"04BC3F4E-BCFF-4C13-9922-94BC08D55E0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"BA765E03-8943-42BB-AACC-F3C918B8F2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"957DAED4-8BE8-49A8-BEFA-2C419824895A\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-380\",\"source\":\"[email protected]\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-46777\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-28T13:30:18.489150Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T13:30:21.263Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiPortal\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.9\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiPortal version 7.4.2 or above \\nPlease upgrade to FortiPortal version 7.4.1 or above \\nPlease upgrade to FortiPortal version 7.2.6 or above \\nPlease upgrade to FortiPortal version 7.0.10 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-380\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-380\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-05-28T07:56:03.616Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-46777\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-28T13:30:23.832Z\", \"dateReserved\": \"2025-04-29T08:42:13.449Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-05-28T07:56:03.616Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…