FortiPortal 7.x Log Info Exposure to Read-Only Admin View Secrets
CVE-2025-46777 Published on May 28, 2025
An insertion of sensitive information into log file vulnerability in Fortinet FortiPortal version 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.
Vulnerability Analysis
CVE-2025-46777 can be exploited with local system access and requires user privileges. The vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have a small impact on confidentiality and a small impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2025-46777
Affected Versions
Fortinet FortiPortal:
- Version 7.4.0 is affected.
- Version 7.2.0, <= 7.2.5 is affected.
- Version 7.0.0, <= 7.0.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.