Beyond security

Language

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2025-47855

Critical

Low Medium High Critical

9.8

CVSS Score

Published: Jan 13, 2026

Last Modified: Jan 14, 2026

Vulnerability Description

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

N

Attack Complexity

L

Privileges Required

N

User Interaction

N

Scope

U

Confidentiality

H

Integrity

H

Availability

H

References & Resources

https://fortiguard.fortinet.com/psirt/FG-IR-25-260
psirt@fortinet.com

Severity Details

9.8

out of 10.0

Critical

Key Information

Published Date: January 13, 2026

External Resources

NIST

National Vulnerability Database

Detailed vulnerability info

Official CVE record