Sensitive Information Exposure in FortiOS Versions 7.6 and Earlier
CVE-2025-31514

2.6LOW

Key Information:

Vendor: Fortinet
Status: Fortiproxy; FortiOS
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-31514?

A vulnerability in FortiOS permits an attacker with read-only privileges to obtain sensitive information related to two-factor authentication (2FA) by inspecting logs or utilizing the diagnose command. This flaw affects several versions of FortiOS, potentially exposing critical data to unauthorized users, thereby posing a risk to network security. Mitigating this issue is essential to protect sensitive user information from being exploited.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.2

FortiOS 7.4.0 <= 7.4.9

FortiOS 7.2.0 <= 7.2.12

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-452

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Mar 31, 2025

JSON

Fortinet

What is CVE-2025-31514?

Affected Version(s)

References

CVSS V3.1

Timeline