Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026

CVE-2025-55717

Description

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.

Affected products

Fortinet/Fortimailv5
cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
Range: 7.6.0
Fortinet/FortiRecorderv5
cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*
Range: 7.2.0
Fortinet/Fortivoicev5
cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
Range: 7.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-26-080mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000