CVE-2025-31514
LowCVSS 2.7Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
There is a vulnerability in Fortinet FortiOS and FortiProxy that allows for the insertion of sensitive information into log files. This affects FortiOS versions from 7.6.0 to 7.6.3 and all versions of 7.4, 7.2, 7.0, and 6.4, as well as FortiProxy from 7.6.0 to 7.6.3 and versions 7.4.0 to 7.4.13.
Risk Assessment
This vulnerability may allow an attacker to disclose sensitive information, posing a serious threat to the organization's security.
Recommendation
It is recommended to update to the latest versions of FortiOS and FortiProxy to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>

