
Fortinet FortiMail and FortiRecorder Store Sensitive Info in Plain Text

CVE-2025-55717
Summary

Fortinet's email and recording software stores sensitive information like passwords and keys in plain text, making it possible for an authorized user with admin access to view this data. This is a concern for organizations that use these products, as it could lead to unauthorized access to sensitive information. Fortinet recommends updating to the latest version of the software to address this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
fortinet | fortivoice | > 7.0.0, <= 7.0.7 |
fortinet | fortivoice | 7.2.0 |
fortinet | fortirecorder | > 6.4.0, <= 7.2.4 |
fortinet | fortimail | > 7.0.0, <= 7.0.9 |
fortinet | fortimail | > 7.2.0, <= 7.2.8 |
fortinet | fortimail | > 7.4.0, <= 7.4.5 |
fortinet | fortimail | > 7.6.0, <= 7.6.3 |
Original title
A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail...
Original description
A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
NVD CVSS 3.1: 4.0
Vulnerability type
CWE-312 Cleartext Storage of Sensitive Information
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026