Fortinet FortiOS
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*
- >= 7.6.0, <= 7.6.3
- ~7.4
- ~7.2
- ~7.0
- ~6.4
A vulnerability allowing the insertion of sensitive information into log files has been identified in Fortinet FortiOS versions 7.6.0 through 7.6.3, as well as all versions of FortiOS 7.4, 7.2, 7.0, and 6.4. This vulnerability may allow an attacker with read-only privileges to access sensitive two-factor authentication (2FA) information by monitoring logs or using the diagnose command.
Exploitation of this vulnerability could lead to unauthorized access to sensitive 2FA-related information.
Users of Fortinet FortiOS should upgrade to version 7.6.4 or above. For Fortinet FortiProxy, the same version upgrade applies. Instructions for migrating to a fixed release can be found in Fortinet's upgrade tool.