CVE-2025-55717: Information disclosure in Fortinet FortiVoice
A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain users' secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: an admin must log in to the targeted device.
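An added example, not part of the original advisory or any Fortinet tooling: a Python check that flags inventory rows whose version falls inside the affected ranges listed above. The inventory format, host names and the `status`/`audit` helpers are assumptions; `not-listed` only means the version lies outside the ranges quoted on this page, not that it is confirmed fixed.

```python
import re

# Affected ranges transcribed from the CVE description on this page.
# (low, high) is inclusive; high=None means every release of that branch.
AFFECTED = {
    "FortiMail": [("7.6.0", "7.6.2"), ("7.4.0", "7.4.4"),
                  ("7.2.0", "7.2.7"), ("7.0.0", "7.0.8")],
    "FortiRecorder": [("7.2.0", "7.2.3"), ("7.0", None), ("6.4", None)],
    "FortiVoice": [("7.2.0", "7.2.0"), ("7.0.0", "7.0.6")],
}
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch); patch is None when the string omits it."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(None if g is None else int(g) for g in m.groups())

def status(product, version_text):
    """Classify one device as 'affected', 'not-listed' or 'unknown'."""
    try:
        major, minor, patch = parse_version(version_text)
    except ValueError:
        return "unknown"
    for low, high in AFFECTED.get(product, []):
        lo = parse_version(low)
        if (major, minor) != lo[:2]:
            continue
        if high is None:        # whole branch is affected
            return "affected"
        if patch is None:       # cannot place it inside the range
            return "unknown"
        if lo[2] <= patch <= parse_version(high)[2]:
            return "affected"
    return "not-listed"

def audit(inventory):
    """Return (host, product, version, status) for every inventory row."""
    return [(h, p, v, status(p, v)) for h, p, v in inventory]

# Constructed sample inventory; host names and version strings are made up.
SAMPLE = [
    ("mail-gw-01", "FortiMail", "v7.4.4-build0600"),
    ("mail-gw-02", "FortiMail", "7.6.3"),
    ("nvr-01", "FortiRecorder", "6.4.5"),
    ("pbx-01", "FortiVoice", "7.0"),
]
for row in audit(SAMPLE):
    print(*row, sep="\t")
```

Rows reported as `unknown` lack a patch number or a parseable version and need a manual check against the device itself.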
AI Analysis
Technical Summary
CVE-2025-55717 is a vulnerability classified under CWE-312 (cleartext storage of sensitive information) affecting multiple Fortinet products, including FortiVoice (versions 7.0.0 through 7.0.6 and 7.2.0), FortiMail (various 7.x versions), and FortiRecorder (multiple versions). The flaw allows an authenticated administrator with high privileges to retrieve sensitive user secrets stored in cleartext by issuing specific CLI commands. Since the sensitive information is not properly encrypted or protected at rest, it can be exposed to malicious insiders or attackers who have gained administrative access. The vulnerability requires the attacker to be an authenticated administrator and to interact with the device via CLI, which limits the attack surface and practical exploitability. The CVSS v3.1 score is 3.8 (low severity), reflecting the requirement for high privileges and user interaction, and the impact is primarily on confidentiality without affecting integrity or availability. No public exploits or widespread attacks have been reported to date. The vulnerability was published in March 2026 and remains a concern for organizations relying on these Fortinet products for voice, mail, and recording services.
Potential Impact
The primary impact of CVE-2025-55717 is the potential unauthorized disclosure of sensitive user information stored in cleartext on affected Fortinet devices. This can lead to privacy violations, leakage of credentials or personal data, and potential further compromise if the disclosed secrets are leveraged for lateral movement or privilege escalation. However, the requirement for authenticated administrative access significantly reduces the risk of external attackers exploiting this vulnerability remotely. The threat is more relevant for insider threats or attackers who have already compromised administrative credentials. Organizations with large deployments of FortiVoice, FortiMail, or FortiRecorder may face increased risk if administrative access controls are weak or if logs and secrets are not adequately protected. The vulnerability does not impact system integrity or availability, so service disruption is unlikely. Overall, the impact is moderate but should not be ignored, especially in environments with sensitive communications or regulatory compliance requirements.
Mitigation Recommendations
To mitigate CVE-2025-55717, organizations should take the following specific actions:
1) Immediately restrict administrative access to Fortinet devices to trusted personnel only, employing strong authentication methods such as multi-factor authentication (MFA).
2) Monitor and audit administrative logins and CLI command usage to detect suspicious activity or unauthorized access attempts.
3) Apply vendor-provided patches or updates as soon as they become available to address the cleartext storage issue.
4) Encrypt sensitive data at rest where possible, or configure devices to minimize storage of sensitive information in cleartext.
5) Regularly review and rotate administrative credentials to reduce the risk of credential compromise.
6) Implement network segmentation to isolate management interfaces and reduce exposure to potential attackers.
7) Educate administrators about the risks of insider threats and the importance of secure handling of sensitive information.
These measures go beyond generic advice by focusing on administrative access control, monitoring, and proactive patch management tailored to the nature of this vulnerability.
Affected Countries
United States, Germany, United Kingdom, France, Japan, Australia, Canada, Singapore, South Korea, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: fortinet
- Date Reserved: 2025-08-14T12:37:31.087Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b05634ea502d3aa87d6bb8
Added to database: 3/10/2026, 5:34:44 PM
Last enriched: 3/10/2026, 5:54:29 PM
Last updated: 3/13/2026, 11:45:32 PM