CVE-2025-46752

A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-25-160	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:fortinet:fortidlp_agent:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

16 Oct 2025, 17:50

Type	Values Removed	Values Added
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-25-160 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-25-160 - Vendor Advisory
CPE		cpe:2.3:a:fortinet:fortidlp_agent:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
First Time		Microsoft windows Fortinet Microsoft Fortinet fortidlp Agent

16 Oct 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-16 14:15

Updated : 2025-10-16 17:50

NVD link : CVE-2025-46752

Mitre link : CVE-2025-46752

CVE.ORG link : CVE-2025-46752

JSON object : View

Products Affected

fortinet

fortidlp_agent

microsoft

windows

CWE

CWE-532

Insertion of Sensitive Information into Log File

4.4 /10