{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46777", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-04-29T08:42:13.449Z", "datePublished": "2025-05-28T07:56:03.616Z", "dateUpdated": "2025-05-28T13:30:23.832Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiPortal", "cpes": ["cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.4.0", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.5", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.9", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-05-28T07:56:03.616Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiPortal version 7.4.2 or above \nPlease upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.10 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-28T13:30:18.489150Z", "id": "CVE-2025-46777", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T13:30:23.832Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46777", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-28T13:30:18.489150Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T13:30:21.263Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiPortal", "versions": [{"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.9"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiPortal version 7.4.2 or above \nPlease upgrade to FortiPortal version 7.4.1 or above \nPlease upgrade to FortiPortal version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.10 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380"}], "descriptions": [{"lang": "en", "value": "A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-05-28T07:56:03.616Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46777", "state": "PUBLISHED", "dateUpdated": "2025-05-28T13:30:23.832Z", "dateReserved": "2025-04-29T08:42:13.449Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-05-28T07:56:03.616Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "04BC3F4E-BCFF-4C13-9922-94BC08D55E0A", "versionEndExcluding": "7.0.10", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA765E03-8943-42BB-AACC-F3C918B8F2EE", "versionEndExcluding": "7.2.6", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "957DAED4-8BE8-49A8-BEFA-2C419824895A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log."}, {"lang": "es", "value": "La inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en las versiones 7.4.0, 7.2.0 a 7.2.5 y 7.0.0 a 7.0.9 de Fortinet FortiPortal puede permitir que un atacante autenticado con al menos permisos de administrador de solo lectura vea secretos cifrados a trav\u00e9s del registro del sistema de FortiPortal. "}], "id": "CVE-2025-46777", "lastModified": "2025-06-04T15:37:37.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-28T08:15:22.443", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-380"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{}