CVE Catalog

CVE-2025-31514

LowCVSS 2.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile — higher than 13% of all known CVEs

Summary

There is a vulnerability in Fortinet FortiOS and FortiProxy that allows for the insertion of sensitive information into log files. This affects FortiOS versions from 7.6.0 to 7.6.3 and all versions of 7.4, 7.2, 7.0, and 6.4, as well as FortiProxy from 7.6.0 to 7.6.3 and versions 7.4.0 to 7.4.13.

Risk Assessment

This vulnerability may allow an attacker to disclose sensitive information, posing a serious threat to the organization's security.

Recommendation

It is recommended to update to the latest versions of FortiOS and FortiProxy to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>

Vulnerability data from NVD (NIST) · CISA KEV · EPSS