CVE-2025-46775

{"id": "CVE-2025-46775", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-11-18T17:16:01.973", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-259", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1295"}]}], "descriptions": [{"lang": "en", "value": "A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands."}], "lastModified": "2025-11-20T14:40:25.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99BE066-31DA-417E-9C7F-73453CE4A69D", "versionEndExcluding": "7.4.8", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F3DA4B8-95C4-407B-B632-D8F48C89511E", "versionEndExcluding": "7.6.3", "versionStartIncluding": "7.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0617C1D-E321-409D-B54B-775E854A03C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}