Impact
Fortinet FortiSOAR PaaS and on‑premise platforms may transmit certain sensitive data without encryption, a flaw that corresponds to CWE‑319. This weakness allows an attacker to capture authentication tokens, API keys, or other credentials in transit, potentially leading to compromise of the platform and downstream systems. The vulnerability results from cleartext transmission of traffic that should otherwise be encrypted.
Affected Systems
Affected products are Fortinet FortiSOAR PaaS and FortiSOAR on‑premise. For PaaS, vulnerable versions are all 7.3.x and 7.4.x releases, 7.5.0 through 7.5.2, and 7.6.0 through 7.6.3; for on‑premise, all 7.3.x and 7.4.x releases, 7.5.0 through 7.5.1, and 7.6.0 through 7.6.2. The vendor recommends upgrading PaaS to 7.6.4 or later, or to any release above 7.5.3 where applicable; for on‑premise, the upgrade target is 7.6.4 or later, or any release above 7.5.3 or 7.6.3.
Risk and Exploitability
The CVSS score of 6.2 indicates moderate severity: an attacker who can observe or interfere with the network traffic has a reasonable chance of exploiting the flaw. EPSS data is not available, so the in‑the‑wild likelihood is uncertain, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the attack vector is inferred to involve network eavesdropping or privileged access to the FortiSOAR API or management endpoints; once positioned, the adversary can capture unencrypted data transmitted by the platform.
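The following is an added example for the Impact and Risk sections above, not code from this advisory or from Fortinet. It shows the two checks a defender would want for a CWE‑319 issue: a detector that walks captured HTTP flows from a network tap and flags requests where credentials (Authorization, API-key and cookie headers, or password/token fields in the body) cross the wire without TLS, and a client-side guard that refuses to send a token to any endpoint that is not https. The host name, paths and the token value in the sample flows are constructed for illustration and are not FortiSOAR endpoints.

```python
import re
from urllib.parse import urlparse

# Headers whose values are credentials or session tokens; seeing one in a
# non-TLS flow is a cleartext-transmission (CWE-319) finding.
SENSITIVE_HEADERS = {"authorization", "x-api-key", "cookie", "x-auth-token"}
# Body fields that carry secrets in form-encoded or JSON login requests.
SECRET_FIELD_RE = re.compile(
    rb'(?i)(?:^|[&{,\s"])(password|passwd|api_key|token)"?\s*[=:]'
)


def parse_http_request(raw: bytes) -> dict:
    """Parse the start line, headers and body of a plain-text HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("not an HTTP request start line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def cleartext_credential_findings(flows):
    """flows: iterable of (dst_port, tls_on_wire, raw_request_bytes).

    Only non-TLS flows are inspected; a TLS flow's payload is opaque to a
    passive observer, which is exactly the property CWE-319 is about.
    """
    findings = []
    for dst_port, tls, raw in flows:
        if tls:
            continue
        try:
            req = parse_http_request(raw)
        except ValueError:
            continue  # not HTTP, or truncated capture
        exposed_headers = sorted(h for h in req["headers"] if h in SENSITIVE_HEADERS)
        exposed_fields = sorted({m.group(1).decode().lower()
                                 for m in SECRET_FIELD_RE.finditer(req["body"])})
        if exposed_headers or exposed_fields:
            findings.append({
                "host": req["headers"].get("host", "?"),
                "port": dst_port,
                "target": req["target"],
                "headers": exposed_headers,
                "fields": exposed_fields,
            })
    return findings


def is_tls_endpoint(url: str) -> bool:
    """True only for an absolute https URL with a host component."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def enforce_tls_endpoint(url: str) -> str:
    """Client-side guard: refuse to send credentials over cleartext transport."""
    if not is_tls_endpoint(url):
        raise ValueError(f"refusing cleartext transport for {url!r}")
    return url


# Constructed sample flows, as a tap in front of a management host would see them.
SAMPLE_FLOWS = [
    # Login over plain HTTP: the password goes on the wire in cleartext.
    (80, False,
     b"POST /api/login HTTP/1.1\r\nHost: soar.example.internal\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"username=analyst&password=hunter2"),
    # API call over plain HTTP with a bearer token in the Authorization header.
    (80, False,
     b"GET /api/alerts HTTP/1.1\r\nHost: soar.example.internal\r\n"
     b"Authorization: Bearer CONSTRUCTED-TOKEN\r\n\r\n"),
    # Same kind of call over TLS: payload is not visible to a passive observer.
    (443, True, b""),
    # Unauthenticated health probe over HTTP: nothing sensitive is exposed.
    (80, False, b"GET /health HTTP/1.1\r\nHost: soar.example.internal\r\n\r\n"),
]

if __name__ == "__main__":
    for f in cleartext_credential_findings(SAMPLE_FLOWS):
        print(f"CWE-319 {f['host']}:{f['port']} {f['target']} "
              f"headers={f['headers']} fields={f['fields']}")
    print("ok:", enforce_tls_endpoint("https://soar.example.internal/api/alerts"))
```

Run against the constructed capture, the detector reports two findings (the login with its password field and the API call with its Authorization header) and stays silent on the TLS flow and the health probe. The guard is the counterpart on the client side: any integration or script that holds a platform token should refuse to use an http:// base URL rather than silently sending the token in the clear.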
OpenCVE Enrichment