About:
CVE-2025-47855 is a critical unauthenticated information disclosure vulnerability in the Fortinet FortiFone Web Portal caused by improper access control. A remote attacker can send specially crafted requests to the web interface and retrieve sensitive configuration data without authentication. Exposed information may include system and network configuration details, credentials, API keys, and other security-relevant parameters, which could be leveraged to facilitate follow-on attacks against the affected environment.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Exposure of Sensitive Configuration Information in Fortinet FortiFone Web Portal
CVSS Score: 9.8 (Critical, CVSS v3.1)
Identifier: CVE-2025-47855
Exploit or Proof of Concept (PoC):
There are currently no confirmed reports of active exploitation in the wild.
Update / Patch:
Fortinet has released a PSIRT advisory and remediation guidance for CVE-2025-47855:
Administrators should update affected FortiFone versions to the fixed releases specified in the advisory. Known affected versions include FortiFone 7.0.0 through 7.0.1 and 3.0.13 through 3.0.23. Fixed versions are provided by Fortinet in the PSIRT bulletin.
Description:
CVE-2025-47855 is an unauthenticated information disclosure vulnerability in the Fortinet FortiFone Web Portal caused by improper access control. A remote attacker can send specially crafted requests to the web interface and retrieve sensitive configuration data without logging in. Exposed information may include system configuration, network settings, credentials, API keys, and other security-relevant parameters.
Mitigation Recommendation:
Immediately apply the firmware or software updates provided by Fortinet as documented in PSIRT advisory FG-IR-25-260.
Restrict access to the FortiFone Web Portal to trusted management networks only and block direct internet exposure.
Review firewall rules and access control lists to ensure only authorized administrators can reach the management interface.
Rotate credentials, API keys, and shared secrets if the portal was previously exposed to untrusted networks.
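As an added example (not part of the RedLegg bulletin or any Fortinet tooling), the script below triages a constructed FortiFone inventory against the affected version ranges listed under Update / Patch and maps each device to the mitigation steps above; the hostnames, versions and the `internet_exposed` flag are assumed inventory fields, not real data.

```python
"""Added example, not from the RedLegg bulletin or Fortinet: triage a
constructed FortiFone inventory against the bulletin's affected version
ranges and its exposure/rotation recommendations."""

# Affected ranges as stated in the bulletin (inclusive bounds).
AFFECTED_RANGES = [((7, 0, 0), (7, 0, 1)), ((3, 0, 13), (3, 0, 23))]


def parse_version(s: str) -> tuple[int, ...]:
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = s.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiFone version string: {s!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range (numeric compare)."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(devices: list[dict]) -> dict[str, list[str]]:
    """Map hostname -> recommended actions, following the bulletin's mitigations."""
    actions: dict[str, list[str]] = {}
    for d in devices:  # keys: hostname, version, internet_exposed (assumed fields)
        todo = []
        vulnerable = is_affected(d["version"])
        if vulnerable:
            todo.append("apply fixed release per FG-IR-25-260")
        if d["internet_exposed"]:
            todo.append("restrict web portal to trusted management networks")
            if vulnerable:
                # Unauthenticated disclosure: assume secrets may already have leaked.
                todo.append("rotate credentials, API keys and shared secrets")
        actions[d["hostname"]] = todo
    return actions


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    {"hostname": "phone-lobby-01", "version": "7.0.1", "internet_exposed": True},
    {"hostname": "phone-hr-02", "version": "3.0.12", "internet_exposed": False},
    {"hostname": "phone-ops-03", "version": "3.0.23", "internet_exposed": False},
]

if __name__ == "__main__":
    for host, todo in triage(SAMPLE).items():
        print(host, "->", "; ".join(todo) or "no action required")
```

Versions are compared as integer tuples rather than strings, so 3.0.9 correctly sorts below 3.0.13 and is reported as outside the affected range.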