CVE-2025-47855 · CRITICAL 9.8 · EPSS p51.5%

Description

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1 and FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.79% probability of exploitation · percentile 51.5% · 2026-06-18T12:00:27Z
Published: 2026-01-13
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-200

References

  1. https://fortiguard.fortinet.com/psirt/FG-IR-25-260

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-52970
  2. CVE-2025-22256
  3. CVE-2025-49201
  4. CVE-2025-53847
  5. CVE-2025-47890
  6. CVE-2025-54820

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.