
[CIVN-2026-0028] Information Disclosure vulnerability in FortiFone Web Portal
Information Disclosure vulnerability in FortiFone Web Portal
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
FortiFone 7.0: 7.0.0 through 7.0.1
FortiFone 3.0: 3.0.13 through 3.0.23
Overview
A vulnerability has been reported in FortiFone products that could allow an unauthenticated attacker to obtain the device configuration.
Target Audience
All organisations and individuals using vulnerable versions of FortiFone products.
Risk Assessment
High risk of Sensitive Information disclosure to an Unauthorized Actor.
Impact Assessment
Potential impact on confidentiality of the system.
Description
Fortinet is a global cybersecurity company that provides network security solutions, including firewalls, VPNs, and intrusion prevention systems.
An unauthenticated attacker could exploit the FortiFone Web Portal by sending specially crafted HTTP or HTTPS requests, allowing them to access sensitive information.
Successful exploitation of this vulnerability could enable an attacker to retrieve device configuration files, which may include sensitive data.
Solution
Apply the appropriate updates as provided by the vendor:
https://www.fortiguard.com/psirt/FG-IR-25-260
Vendor Information
Fortinet
https://www.fortiguard.com/psirt/FG-IR-25-260
CVE Name
CVE-2025-47855
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


