Fortinet FortiPAM Cleartext Storage of Credentials Vulnerability

Vulnerability

A vulnerability allowing cleartext storage of sensitive information in memory has been identified in Fortinet FortiPAM versions 1.0 through 1.6.0, as well as all versions of 1.1, 1.2, 1.3, 1.4, and 1.5. This vulnerability may enable an authenticated attacker with read-write admin privileges to the CLI to access the credentials of other administrators through diagnose commands.

Impact

Exploitation of this vulnerability could lead to unauthorized access to administrative credentials, allowing for potential misuse of administrative privileges.

Remediation

Users of Fortinet FortiPAM 1.6.0 should upgrade to 1.6.1 or above. Users of Fortinet FortiPAM versions 1.0, 1.1, 1.2, 1.3, 1.4, and 1.5 should migrate to a fixed release.

Added: Nov 18, 2025, 5:46 PM
Updated: Nov 18, 2025, 5:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 5.0
exploitability: 3.0
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.