Sign-up

ID

VAR-202511-1242


CVE

CVE-2025-46775


DESCRIPTION

A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.

Trust: 1.0

sources: NVD: CVE-2025-46775

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiextenderscope:gteversion:7.6.0

Trust: 1.0

vendor:fortinetmodel:fortiextenderscope:ltversion:7.4.8

Trust: 1.0

vendor:fortinetmodel:fortiextenderscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiextenderscope:ltversion:7.6.3

Trust: 1.0

sources: NVD: CVE-2025-46775

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-46775
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2025-46775
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-46775

PROBLEMTYPE DATA

problemtype:CWE-1295

Trust: 1.0

sources: NVD: CVE-2025-46775

EXTERNAL IDS

db:NVDid:CVE-2025-46775

Trust: 1.0

sources: NVD: CVE-2025-46775

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-259

Trust: 1.0

sources: NVD: CVE-2025-46775

SOURCES

db:NVDid:CVE-2025-46775

LAST UPDATE DATE

2025-11-20T23:19:45.055000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-46775date:2025-11-20T14:40:25.397

SOURCES RELEASE DATE

db:NVDid:CVE-2025-46775date:2025-11-18T17:16:01.973