CVE-2025-59921 MEDIUM

CVE-2025-59921

Vendor Fortinet
Product FortiADC
Weakness CWE-200 · Info exposure
Published October 14, 2025
Last update January 14, 2026

CVSS base score

6.2/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

What the vulnerability does

01Description

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
January 14, 2026 Record updated