CVE 9.3 CRITICAL

CVE-2025-47855_CVE-2025-47855

January 13, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

Description

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.

AI Analysis

Exposure of sensitive information to unauthorized actors via crafted HTTP or HTTPS requests

Basic Information

ID CVE-2025-47855

Source fortinet

Published Jan 13, 2026 at 16:32

Affected Product

Vendor Fortinet

Product FortiFone

Version 7.0.0

Affected Versions Fortinet FortiFone 7.0.0
Fortinet FortiFone 3.0.13

CWE Classification

CWE-200

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Fortinet

Product FortiFone

Version 7.0.0, 7.0.1, 3.0.13, 3.0.23

References

fortiguard.fortinet.com /psirt/FG-IR-25-260

{
    "lastseen": "",
    "description": "An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.",
    "published": "2026-01-13T16:32:29.539Z",
    "modified": "2026-01-13T16:32:29.539Z",
    "type": "cve",
    "title": "CVE-2025-47855",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-260",
    "id": "CVE-2025-47855",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiFone 7.0.0\nFortinet FortiFone 3.0.13",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiFone",
    "version": "7.0.0",
    "vendor": "Fortinet",
    "ai_description": "Exposure of sensitive information to unauthorized actors via crafted HTTP or HTTPS requests",
    "ai_severity": "Critical",
    "ai_vendor": "Fortinet",
    "ai_product": "FortiFone",
    "ai_version": "7.0.0, 7.0.1, 3.0.13, 3.0.23",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply