Sensitive Information Exposure in Fortinet FortiPortal by Fortinet
CVE-2025-46777

2.7LOW

Key Information:

Vendor

Fortinet
Status
Fortiportal
Vendor
CVE Published:
28 May 2025

What is CVE-2025-46777?

Fortinet FortiPortal versions 7.4.0, 7.2.0 to 7.2.5, and 7.0.0 to 7.0.9 suffer from a vulnerability that allows authenticated users with read-only admin permissions to access sensitive information stored in system logs. This flaw could expose encrypted secrets through unprotected log files, potentially leading to further exploitation. It highlights the importance of securing logging mechanisms to protect sensitive data from unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiPortal 7.4.0

FortiPortal 7.2.0 <= 7.2.5

FortiPortal 7.0.0 <= 7.0.9

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-380

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.