CVE-2025-31514
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-15
Assigner: Fortinet, Inc.
Description
An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortios | From 7.4.0 (inc) to 7.4.9 (inc) |
| fortinet | fortiproxy | From 7.6.0 (inc) to 7.6.4 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Insertion of Sensitive Information into Log File issue (CWE-532) in FortiOS versions 6.4 through 7.6.3. It may allow an attacker with at least read-only privileges to access sensitive two-factor authentication (2FA) related information by viewing logs or using the diagnose command.
How can this vulnerability impact me?
An attacker who gains read-only access could retrieve sensitive 2FA information from logs, potentially compromising the security of two-factor authentication mechanisms and increasing the risk of unauthorized access.