CVE-2025-46752 is an information disclosure vulnerability identified in Fortinet FortiDLP, a data loss prevention solution widely used to monitor and protect sensitive data. The vulnerability exists in versions 11.4.5, 11.5.1, and 12.0.0 through 12.0.4. It arises from the improper handling of sensitive information, specifically the insertion of confidential data into log files. An attacker with limited privileges (local access and low privileges) can exploit this flaw by reusing an enrollment code, which is intended for device or user enrollment in the FortiDLP system. This reuse enables the attacker to access sensitive information that should not be exposed, leading to information disclosure. The vulnerability does not require user interaction and has a low attack vector (local access), making exploitation somewhat constrained but still feasible in environments where attackers have some foothold. The CVSS v3.1 score is 4.2 (medium severity), reflecting limited impact on confidentiality and integrity, no impact on availability, and the requirement for privileges and local access. No public exploits or active exploitation have been reported as of the publication date. Fortinet has not yet published patches or mitigations, so affected organizations must rely on compensating controls until updates are available.

For European organizations, this vulnerability poses a risk to the confidentiality and integrity of sensitive data monitored by FortiDLP. Since FortiDLP is used to prevent data leaks and enforce compliance, unauthorized disclosure of enrollment codes or sensitive logs could undermine data protection efforts and regulatory compliance, especially under GDPR. Attackers gaining access to enrollment codes could potentially escalate privileges or bypass security controls, increasing the risk of insider threats or lateral movement within networks. The impact is more pronounced in sectors handling highly sensitive or regulated data, such as finance, healthcare, and government. However, the requirement for local access and privileges limits the scope of exploitation primarily to insiders or attackers who have already compromised internal systems. The absence of known exploits reduces immediate risk but does not eliminate the need for vigilance.

1. Restrict access to FortiDLP log files and enrollment codes strictly to authorized personnel only, using role-based access controls and auditing. 2. Monitor and audit usage of enrollment codes to detect any unusual reuse or access patterns. 3. Implement network segmentation and endpoint security controls to limit local access opportunities for attackers. 4. Apply the principle of least privilege to all FortiDLP users and administrators to reduce the risk of privilege abuse. 5. Regularly review and update FortiDLP configurations to minimize sensitive data exposure in logs. 6. Stay informed on Fortinet advisories and apply patches promptly once available. 7. Consider deploying additional data protection layers or encryption for sensitive logs to prevent unauthorized reading. 8. Conduct internal security awareness training focusing on the handling of enrollment codes and sensitive data.