CVE-2025-46775 is a medium severity information disclosure vulnerability affecting Fortinet FortiExtender devices from versions 7.0.0 up to 7.6.1. The flaw arises from debug messages that leak sensitive information, including administrator credentials, when debug log commands are executed by an authenticated user with low privileges. The vulnerability requires an attacker to have some level of authenticated access to the device but does not require user interaction beyond that. The debug logs expose unnecessary details that should not be accessible to non-administrative users, effectively allowing privilege escalation through credential disclosure. FortiExtender devices are commonly deployed to provide cellular WAN connectivity and act as extensions to Fortinet’s security fabric, often used in enterprise and critical infrastructure networks. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high confidentiality impact with no integrity or availability impact. No public exploits have been reported yet, but the vulnerability poses a risk of credential theft that could enable further compromise of network infrastructure.

For European organizations, the primary impact is the potential compromise of administrator credentials on FortiExtender devices, which can lead to unauthorized access to network management interfaces and potentially lateral movement within the network. This could undermine the confidentiality of sensitive network configurations and data routed through these devices. Since FortiExtender is used to provide cellular WAN connectivity, disruption or compromise could affect business continuity, especially for remote sites or critical infrastructure relying on cellular failover. The vulnerability does not directly affect availability or integrity but increases the risk of further attacks by exposing privileged credentials. Organizations in sectors such as telecommunications, energy, transportation, and government are particularly at risk due to their reliance on secure cellular connectivity and Fortinet products. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially from insider attackers or advanced persistent threats with authenticated access.

1. Immediately restrict access to debug log commands and related diagnostic interfaces to only fully trusted administrators. 2. Implement strict role-based access control (RBAC) on FortiExtender devices to ensure that users with low privileges cannot execute debug commands. 3. Monitor device logs and network traffic for unusual or unauthorized use of debug commands or attempts to access sensitive information. 4. Apply vendor patches or firmware updates as soon as they become available to address this vulnerability. 5. Conduct regular audits of user accounts and permissions on FortiExtender devices to detect and remove unnecessary privileges. 6. Employ network segmentation to isolate FortiExtender management interfaces from general user networks, reducing the risk of unauthorized access. 7. Educate administrators and users about the risks of credential exposure and enforce strong authentication mechanisms. 8. Consider multi-factor authentication (MFA) for accessing device management interfaces to reduce the risk of credential misuse.