Insertion of sensitive information into system log

Insertion of sensitive information into system log Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-24-380 Final 1 1 2025-05-13T00:00:00 Current version 2025-05-13T00:00:00 2025-05-13T00:00:00 An insertion of sensitive information into log file vulnerability [CWE-532] in FortiPortal may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. None Information disclosure None Internally reported by Tim Morris from the Fortinet sales team. FortiPortal 7.4.0 FortiPortal 7.2.5 FortiPortal 7.2.4 FortiPortal 7.2.3 FortiPortal 7.2.2 FortiPortal 7.2.1 FortiPortal 7.2.0 FortiPortal 7.0.9 FortiPortal 7.0.8 FortiPortal 7.0.7 FortiPortal 7.0.6 FortiPortal 7.0.5 FortiPortal 7.0.4 FortiPortal 7.0.3 FortiPortal 7.0.2 FortiPortal 7.0.1 FortiPortal 7.0.0 Insertion of sensitive information into system log CVE-2025-46777 FortiPortal-7.4.0 FortiPortal-7.2.5 FortiPortal-7.2.4 FortiPortal-7.2.3 FortiPortal-7.2.2 FortiPortal-7.2.1 FortiPortal-7.2.0 FortiPortal-7.0.9 FortiPortal-7.0.8 FortiPortal-7.0.7 FortiPortal-7.0.6 FortiPortal-7.0.5 FortiPortal-7.0.4 FortiPortal-7.0.3 FortiPortal-7.0.2 FortiPortal-7.0.1 FortiPortal-7.0.0 2.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-24-380 Insertion of sensitive information into system log Reference>