CVE-2025-54971 is a vulnerability identified in multiple versions of Fortinet's FortiADC product, specifically versions 6.2.0, 7.0.0, 7.1.0, 7.2.0, and 7.4.0. The flaw allows an administrator account with read-only privileges to retrieve sensitive information, namely external resource passwords, from the product's logs. This occurs because the logs improperly store or expose these passwords without adequate masking or encryption. The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L), requiring privileges equivalent to a read-only admin (PR:L), and does not require user interaction (UI:N). The scope is unchanged (S:U), and the impact is limited to confidentiality (C:L) without affecting integrity or availability. The CVSS 3.1 score of 3.9 reflects a low severity rating, indicating limited impact and exploitation difficulty. However, the exposure of external resource passwords can facilitate lateral movement or further compromise if combined with other vulnerabilities or misconfigurations. No public exploits or active exploitation have been reported as of now. The vulnerability was reserved in August 2025 and published in November 2025. Fortinet has not yet provided patch links, so organizations must monitor for updates. The issue highlights the importance of strict access controls and secure logging practices in network appliance management.

For European organizations, the primary impact is the potential exposure of sensitive credentials used by FortiADC appliances to access external resources such as backend servers, databases, or cloud services. Although the vulnerability requires read-only admin access, which is a privileged level, the unintended disclosure of passwords in logs can enable attackers or insider threats to escalate privileges or move laterally within the network. This could lead to unauthorized access to critical systems, data breaches, or disruption of services. Given FortiADC's role in application delivery and load balancing, compromise could affect availability indirectly by enabling further attacks. The low CVSS score suggests limited immediate risk, but organizations with large Fortinet deployments or those in regulated sectors (finance, healthcare, critical infrastructure) should be cautious. The absence of known exploits reduces urgency but does not eliminate risk, especially if attackers develop techniques to gain read-only admin credentials. European entities relying on FortiADC for secure application delivery must consider this vulnerability in their risk assessments and incident response planning.

1. Restrict read-only admin access strictly to trusted personnel and regularly audit these accounts to ensure no unauthorized users have such privileges. 2. Implement robust logging and monitoring to detect unusual access patterns to FortiADC logs or configuration interfaces. 3. Until patches are available, consider minimizing the logging of sensitive information or configuring log redaction if supported. 4. Use network segmentation and access control lists to limit which users or systems can reach FortiADC management interfaces. 5. Regularly update FortiADC firmware and subscribe to Fortinet security advisories to apply patches promptly once released. 6. Conduct internal security reviews to identify if any exposed passwords have been reused elsewhere and rotate them if necessary. 7. Employ multi-factor authentication for administrative access to reduce the risk of credential compromise. 8. Evaluate alternative methods for storing and handling external resource credentials, such as using secure vaults or encrypted storage, to avoid embedding passwords in logs. 9. Prepare incident response plans that include scenarios involving credential exposure from FortiADC devices.