Primary

Context

Fortinet FortiExtender Debug Log Credential Leakage Vulnerability

Vulnerability

Patched

A vulnerability allowing credential leakage through debug log commands has been identified in Fortinet FortiExtender versions 7.6.0 to 7.6.1, 7.4.0 to 7.4.6, and all versions of 7.2 and 7.0. This vulnerability may enable an authenticated user to obtain administrator credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to administrator credentials, allowing for elevated privileges or access to sensitive administrative functions.

Remediation

Users of Fortinet FortiExtender should upgrade to version 7.6.3 or above if they are on the 7.6 branch, upgrade to version 7.4.8 or above if they are on the 7.4 branch, and migrate to a fixed release if they are on versions 7.2 or 7.0.

Added: Nov 18, 2025, 5:34 PM

Updated: Nov 18, 2025, 5:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiExtender Debug Log Credential Leakage Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Fortinet FortiExtender

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating