CVE-2025-55717
Fortimail Análise e mitigação de vulnerabilidades

Visão geral

CVE-2025-55717 is a cleartext storage of sensitive information vulnerability (CWE-312) affecting Fortinet FortiMail, FortiRecorder, and FortiVoice products. Sensitive information — specifically user secrets — is stored in plaintext within debug logs, allowing an authenticated malicious administrator to retrieve them via CLI commands. Affected versions include FortiMail 7.0.0–7.0.8, 7.2.0–7.2.7, 7.4.0–7.4.4, and 7.6.0–7.6.2; FortiRecorder 6.4 (all versions), 7.0 (all versions), and 7.2.0–7.2.3; and FortiVoice 7.0.0–7.0.6 and 7.2.0. The vulnerability was discovered through an independent audit commissioned by Fortinet and publicly disclosed on March 10, 2026. It carries a CVSSv3.1 base score of 3.8–4.0 (Low/Medium) due to the high privilege requirement and local attack vector (FortiGuard PSIRT, Red Hat CVE).

Detalhes técnicos

The root cause is CWE-312 (Cleartext Storage of Sensitive Information): user secrets and passwords are written in plaintext to debug logs rather than being masked or encrypted. An authenticated administrator can access these logs via CLI commands on the affected device, exposing credentials that should be protected at rest. Exploitation requires local access to the device and an active administrator session, making the attack complexity high and limiting practical exploitability. No external network access or special protocol manipulation is required — the attacker simply reads debug log content through standard CLI interfaces (FortiGuard PSIRT).

Impacto

Successful exploitation results in a high-confidentiality-impact breach: an authenticated administrator can extract user secrets and plaintext credentials stored in debug logs, potentially compromising user authentication data across the affected system. There is no integrity or availability impact. While the scope is limited to the local device and requires elevated privileges, exposed credentials could be leveraged for lateral movement or privilege escalation within the broader environment if reused elsewhere (FortiGuard PSIRT, Red Hat CVE).

Etapas de exploração

  1. Gain administrator access: Obtain valid administrator credentials for the targeted FortiMail, FortiRecorder, or FortiVoice device — either through credential theft, insider access, or social engineering.
  2. Log in to the device CLI: Authenticate to the device's command-line interface using the administrator account.
  3. Access debug logs: Execute CLI commands to retrieve or display debug log files where sensitive information is stored in cleartext (e.g., commands that read or dump log content).
  4. Extract user secrets: Parse the plaintext debug log output to identify and collect user passwords or other secrets stored without encryption.
  5. Leverage extracted credentials: Use the obtained credentials for further access to the device, related systems, or other services where credentials may be reused (FortiGuard PSIRT).

Indicadores de compromisso

  • Logs: Unusual or repeated CLI commands accessing debug log files by administrator accounts; audit log entries showing bulk log reads or exports outside of normal maintenance windows.
  • Process/CLI Activity: Administrator sessions executing log-dump or debug-log-read commands at unusual times or from unfamiliar source IPs.
  • Network: Administrative CLI access originating from unexpected IP addresses or geographic locations, particularly if multi-factor authentication is not enforced.

Mitigação e soluções alternativas

Fortinet has released patched versions for all affected products. Upgrade to the following fixed releases: FortiMail 7.6.3 or later, 7.4.5 or later, 7.2.8 or later, or 7.0.9 or later (depending on branch); FortiRecorder 7.2.4 or later (FortiRecorder 6.4 and 7.0 users must migrate to a fixed release branch); FortiVoice 7.2.1 or later, or 7.0.7 or later. Patches were released on March 12, 2026. As interim mitigations, restrict administrative CLI access to trusted personnel only, implement multi-factor authentication for administrator accounts, and audit systems for any unauthorized administrative access. Monitor administrative CLI command usage for anomalous log-access activity (FortiGuard PSIRT).

Reações da comunidade

The vulnerability was discovered through an internal audit commissioned by Fortinet, indicating proactive security review practices. Community and media attention has been limited given the low CVSS score and high exploitation prerequisites. Automated CVE tracking services such as VulDB and radar.offseq.com indexed the vulnerability shortly after disclosure, and it was noted on social platforms via CVEnew. No significant researcher commentary or major media coverage has been identified (FortiGuard PSIRT).

Recursos adicionais


OrigemEste relatório foi gerado usando IA

Relacionado Fortimail Vulnerabilidades:

CVE ID

Gravidade

Pontuação

Tecnologias

Nome do componente

Exploração do CISA KEV

Tem correção

Data de publicação

CVE-2025-53681HIGH7.2
  • Fortimail logoFortimail
  • cpe:2.3:a:fortinet:fortimail
NãoSimMay 12, 2026
CVE-2024-40588MEDIUM4.4
  • Fortimail logoFortimail
  • cpe:2.3:a:fortinet:fortimail
NãoSimAug 12, 2025
CVE-2025-54972MEDIUM4.3
  • Fortimail logoFortimail
  • cpe:2.3:a:fortinet:fortimail
NãoSimNov 18, 2025
CVE-2024-47569MEDIUM4.3
  • FortiOS logoFortiOS
  • cpe:2.3:o:fortinet:fortios
NãoSimOct 14, 2025
CVE-2025-55717MEDIUM4
  • Fortimail logoFortimail
  • cpe:2.3:a:fortinet:fortimail
NãoSimMar 10, 2026

Avaliação de vulnerabilidade gratuita

Compare sua postura de segurança na nuvem

Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.

Solicitar avaliação

Marque uma demonstração personalizada

Pronto para ver a Wiz em ação?

"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
David EstlickCISO
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
Adão FletcherDiretor de Segurança
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."
Greg PoniatowskiChefe de Gerenciamento de Ameaças e Vulnerabilidades