CVE-2025-55717
CVSS Score
3.8
EPSS Score
0.0%
EPSS Percentile
0th
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
| CWE | CWE-312 |
| Vendor | fortinet |
| Product | fortivoice |
| Ecosystems | |
| Industries | NetworkingSecurity |
| Published | Mar 10, 2026 |
| Last Updated | Mar 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for fortinet fortivoice
Be the first to know when new low vulnerabilities affecting fortinet fortivoice are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Fortinet / FortiVoice
7.2.0 7.0.0 ≤ 7.0.6
Fortinet / FortiMail
7.6.0 ≤ 7.6.2 7.4.0 ≤ 7.4.4 7.2.0 ≤ 7.2.7 7.0.0 ≤ 7.0.8
Fortinet / FortiRecorder
7.2.0 ≤ 7.2.3 7.0.0 ≤ 7.0.6 6.4.0 ≤ 6.4.6