Fortinet FortiADC Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability that exposes sensitive information to unauthorized actors has been identified in Fortinet FortiADC versions 7.4.0, 7.2 (all versions), 7.1 (all versions), 7.0 (all versions), and 6.2 (all versions). It may allow an admin with read-only permissions to retrieve external resource passwords from the product logs.

Impact

Exploitation of this vulnerability could lead to unauthorized access to external resource passwords, potentially allowing further unauthorized actions or access.

Remediation

Users can upgrade Fortinet FortiADC to version 7.4.3 or above. For FortiADC versions 7.2, 7.1, 7.0, and 6.2, users should migrate to a fixed release. As a temporary workaround, external resources can be disabled to prevent password leakage via the logs.
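
The version ranges above can be applied to an appliance inventory with a short triage script. This is an added example, not Fortinet tooling or part of the original advisory; the hostnames and version strings in the sample inventory are constructed, and the status labels are names chosen here. Releases 7.4.1 and 7.4.2 are reported separately because the advisory neither lists them as affected nor as fixed.

```python
import re

# Version data taken from the advisory text; everything else is illustrative.
AFFECTED_BRANCHES = {(7, 2), (7, 1), (7, 0), (6, 2)}  # "all versions"
AFFECTED_EXACT = {(7, 4, 0)}
FIXED_FROM = (7, 4, 3)  # "7.4.3 or above"

_VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])", re.IGNORECASE)


def parse_version(text):
    """Extract the first major.minor.patch triple from a version string."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no major.minor.patch version in {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(text):
    """Classify one version string against the advisory's ranges."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparsed"              # needs a manual check
    if version[:2] in AFFECTED_BRANCHES:
        return "affected-migrate"      # no fix in branch: migrate to a fixed release
    if version in AFFECTED_EXACT:
        return "affected-upgrade"      # upgrade to 7.4.3 or above
    if version >= FIXED_FROM:          # tuple comparison, so 7.4.10 > 7.4.3
        return "fixed"
    if version[:2] == FIXED_FROM[:2]:
        return "below-fix"             # 7.4.1 / 7.4.2: not listed, but below the fix
    return "not-covered"               # branch the advisory does not mention


def triage_inventory(inventory):
    """Map hostname -> status for a {hostname: version string} inventory."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "adc-edge-01": "7.4.0",
        "adc-edge-02": "v7.2.5",
        "adc-dmz-01": "7.4.2",
        "adc-dmz-02": "7.4.10",
        "adc-lab-01": "unknown",
    }
    for host, status in sorted(triage_inventory(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as affected-migrate or affected-upgrade are the ones where the temporary workaround (disabling external resources) applies until the upgrade is done.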

Added: Nov 18, 2025, 5:28 PM
Updated: Nov 18, 2025, 5:28 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 5.4
remediation: 8.3
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.