CVE-2025-59921

📊 6.5 MEDIUM⚡ 0.1%🎯 0 exploits

📅 Published Oct 14, 2025

📋 Status: Analyzed

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

3 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fortinet	fortiadc	≥ 6.2.0 ∧ < 7.1.5	Vulnerable	cpe:2.3:a:fortinet:fortiadc::::::::
📱App	fortinet	fortiadc	≥ 7.2.0 ∧ < 7.2.4	Vulnerable	cpe:2.3:a:fortinet:fortiadc::::::::
📱App	fortinet	fortiadc	7.4.0	Vulnerable	cpe:2.3:a:fortinet:fortiadc:7.4.0:::::::*

📱

fortinet / fortiadc

Application

Vulnerable

Version: ≥ 6.2.0 ∧ < 7.1.5

CPE:

cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*

📱

fortinet / fortiadc

Application

Vulnerable

Version: ≥ 7.2.0 ∧ < 7.2.4

CPE:

cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*

📱

fortinet / fortiadc

Application

Vulnerable

Version: 7.4.0

CPE:

cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*

Metrics

6.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

NONE

Availability:

NONE

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.1% (Minimal)34.7th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 14, 2025 (19 days ago)

Last Modified

Oct 16, 2025 (17 days ago)

Security Weaknesses2

CWE-200

References2

NVDgeneral