Read-only admin could obtain admin configuration secrets

Read-only admin could obtain admin configuration secrets Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-25-616 Final 1 1 2025-12-09T00:00:00 Current version 2025-12-09T00:00:00 2025-12-09T00:00:00 An improper access control vulnerability [CWE-284] in FortiAuthenticator Web UI may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests. None Escalation of privilege None Internally discovered and reported by Dino-Boris Dougoud of the Fortinet Sales team and Eric Wang of the Fortinet Corporate InfoSec team. FortiAuthenticator 6.6.6 FortiAuthenticator 6.6.5 FortiAuthenticator 6.6.4 FortiAuthenticator 6.6.3 FortiAuthenticator 6.6.2 FortiAuthenticator 6.6.1 FortiAuthenticator 6.6.0 FortiAuthenticator 6.5.7 FortiAuthenticator 6.5.6 FortiAuthenticator 6.5.5 FortiAuthenticator 6.5.4 FortiAuthenticator 6.5.3 FortiAuthenticator 6.5.2 FortiAuthenticator 6.5.1 FortiAuthenticator 6.5.0 FortiAuthenticator 6.4.11 FortiAuthenticator 6.4.10 FortiAuthenticator 6.4.9 FortiAuthenticator 6.4.8 FortiAuthenticator 6.4.7 FortiAuthenticator 6.4.6 FortiAuthenticator 6.4.5 FortiAuthenticator 6.4.4 FortiAuthenticator 6.4.3 FortiAuthenticator 6.4.2 FortiAuthenticator 6.4.1 FortiAuthenticator 6.4.0 FortiAuthenticator 6.3.5 FortiAuthenticator 6.3.4 FortiAuthenticator 6.3.3 FortiAuthenticator 6.3.2 FortiAuthenticator 6.3.1 FortiAuthenticator 6.3.0 Read-only admin could obtain admin configuration secrets CVE-2025-59923 FortiAuthenticator-6.6.6 FortiAuthenticator-6.6.5 FortiAuthenticator-6.6.4 FortiAuthenticator-6.6.3 FortiAuthenticator-6.6.2 FortiAuthenticator-6.6.1 FortiAuthenticator-6.6.0 FortiAuthenticator-6.5.7 FortiAuthenticator-6.5.6 FortiAuthenticator-6.5.5 FortiAuthenticator-6.5.4 FortiAuthenticator-6.5.3 FortiAuthenticator-6.5.2 FortiAuthenticator-6.5.1 FortiAuthenticator-6.5.0 FortiAuthenticator-6.4.11 FortiAuthenticator-6.4.10 FortiAuthenticator-6.4.9 FortiAuthenticator-6.4.8 FortiAuthenticator-6.4.7 FortiAuthenticator-6.4.6 FortiAuthenticator-6.4.5 FortiAuthenticator-6.4.4 FortiAuthenticator-6.4.3 FortiAuthenticator-6.4.2 FortiAuthenticator-6.4.1 FortiAuthenticator-6.4.0 FortiAuthenticator-6.3.5 FortiAuthenticator-6.3.4 FortiAuthenticator-6.3.3 FortiAuthenticator-6.3.2 FortiAuthenticator-6.3.1 FortiAuthenticator-6.3.0 2.6 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-25-616 Read-only admin could obtain admin configuration secrets Reference>