{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46775", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-04-29T08:42:13.449Z", "datePublished": "2025-11-18T17:01:17.364Z", "dateUpdated": "2025-11-18T18:33:37.068Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiExtender", "cpes": ["cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.1", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.6", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.5", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.5", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-11-18T17:01:17.364Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1295", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to upcoming FortiExtender version 7.4.8 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-18T18:33:30.741688Z", "id": "CVE-2025-46775", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T18:33:37.068Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46775", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-18T18:33:30.741688Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T18:33:33.891Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiextender:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiextender:7.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiExtender", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.1"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.6"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.5"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiExtender version 7.6.3 or above\nUpgrade to upcoming FortiExtender version 7.4.8 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259"}], "descriptions": [{"lang": "en", "value": "A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1295", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-11-18T17:01:17.364Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46775", "state": "PUBLISHED", "dateUpdated": "2025-11-18T18:33:37.068Z", "dateReserved": "2025-04-29T08:42:13.449Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-11-18T17:01:17.364Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D99BE066-31DA-417E-9C7F-73453CE4A69D", "versionEndExcluding": "7.4.8", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F3DA4B8-95C4-407B-B632-D8F48C89511E", "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0617C1D-E321-409D-B54B-775E854A03C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands."}], "id": "CVE-2025-46775", "lastModified": "2025-11-20T14:40:25.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-11-18T17:16:01.973", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1295"}], "source": "[email protected]", "type": "Primary"}]}

{}