Details of VAR-202511-1242

ID

VAR-202511-1242

CVE

CVE-2025-46775

TITLE

fortinet's FortiExtender Firmware vulnerability related to debug messages displaying unnecessary information

Trust: 0.8

sources: JVNDB: JVNDB-2025-020603

DESCRIPTION

A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands

Trust: 1.62

sources: NVD: CVE-2025-46775 // JVNDB: JVNDB-2025-020603

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiextender	scope:	gte	version:	7.6.0	Trust: 1.0
vendor:	fortinet	model:	fortiextender	scope:	lt	version:	7.4.8	Trust: 1.0
vendor:	fortinet	model:	fortiextender	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiextender	scope:	lt	version:	7.6.3	Trust: 1.0
vendor:	フォーティネット	model:	fortiextender	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiextender	scope:	eq	version:	fortiextender firmware 7.6.0 that's all 7.6.3	Trust: 0.8
vendor:	フォーティネット	model:	fortiextender	scope:	eq	version:	fortiextender firmware 7.0.0 that's all 7.4.8	Trust: 0.8

sources: JVNDB: JVNDB-2025-020603 // NVD: CVE-2025-46775

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2025-46775
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-020603
value:	MEDIUM
Trust: 0.8

psirt@fortinet.com:	CVE-2025-46775
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-020603
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-020603 // NVD: CVE-2025-46775

PROBLEMTYPE DATA

problemtype:

CWE-1295

Trust: 1.0

sources: NVD: CVE-2025-46775

PATCH

title:

FG-IR-25-259

url:

https://fortiguard.fortinet.com/psirt/FG-IR-25-259

Trust: 0.8

sources: JVNDB: JVNDB-2025-020603

EXTERNAL IDS

db:	NVD	id:	CVE-2025-46775	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-020603	Trust: 0.8

sources: JVNDB: JVNDB-2025-020603 // NVD: CVE-2025-46775

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-25-259	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-46775	Trust: 0.8

sources: JVNDB: JVNDB-2025-020603 // NVD: CVE-2025-46775

SOURCES

db:	JVNDB	id:	JVNDB-2025-020603
db:	NVD	id:	CVE-2025-46775

LAST UPDATE DATE

2025-12-20T23:30:45.698000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-020603	date:	2025-11-28T09:07:00
db:	NVD	id:	CVE-2025-46775	date:	2025-11-20T14:40:25.397

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-020603	date:	2025-11-28T00:00:00
db:	NVD	id:	CVE-2025-46775	date:	2025-11-18T17:16:01.973