ID

VAR-202603-1599


CVE

CVE-2025-55717


TITLE

Vulnerability related to cleartext storage of important information in multiple Fortinet products, such as FortiMail

Trust: 0.8

sources: JVNDB: JVNDB-2026-007228

DESCRIPTION

A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: an admin must log in to the targeted device. Fortinet FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.8, FortiRecorder versions 7.2.0 through 7.2.3, 7.0 all versions, and 6.4 all versions, and FortiVoice versions 7.2.0 and 7.0.0 through 7.0.6 contain a vulnerability in which confidential information is stored in plain text (CWE-312). However, there are limitations to actual misuse, and the attacker would need to log in to the target device as an administrator. All information handled by the software may be leaked to the outside. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-55717 // JVNDB: JVNDB-2026-007228

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: lt, version: 7.2.8

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.6.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: lt, version: 7.0.7

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lt, version: 7.2.4

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.6.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.0.9

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.4.5

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: eq, version: 7.2.0

Trust: 1.0

vendor: フォーティネット, model: fortivoice, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortirecorder, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-007228 // NVD: CVE-2025-55717

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-55717
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-55717
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-55717
value: MEDIUM

Trust: 0.8

psirt@fortinet.com: CVE-2025-55717
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.3
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2025-55717
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-007228 // NVD: CVE-2025-55717 // NVD: CVE-2025-55717

PROBLEMTYPE DATA

problemtype: CWE-312

Trust: 1.0

problemtype: Plaintext storage of important information (CWE-312) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-007228 // NVD: CVE-2025-55717

PATCH

title: PSIRT | FortiGuard Labs, url: https://fortiguard.fortinet.com/psirt/FG-IR-26-080

Trust: 0.8

sources: JVNDB: JVNDB-2026-007228

EXTERNAL IDS

db: NVD, id: CVE-2025-55717

Trust: 2.6

db: JVNDB, id: JVNDB-2026-007228

Trust: 0.8

sources: JVNDB: JVNDB-2026-007228 // NVD: CVE-2025-55717

REFERENCES

url: https://fortiguard.fortinet.com/psirt/fg-ir-26-080

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-55717

Trust: 0.8

sources: JVNDB: JVNDB-2026-007228 // NVD: CVE-2025-55717

SOURCES

db: JVNDB, id: JVNDB-2026-007228
db: NVD, id: CVE-2025-55717

LAST UPDATE DATE

2026-03-16T23:59:37.205000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-007228, date: 2026-03-16T05:57:00
db: NVD, id: CVE-2025-55717, date: 2026-03-12T20:39:40.843

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-007228, date: 2026-03-16T00:00:00
db: NVD, id: CVE-2025-55717, date: 2026-03-10T18:17:58.543