CVE-2025-46752 in FortiDLP
Summary
by MITRE • 10/16/2025
A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/17/2025
The vulnerability identified as CVE-2025-46752 represents a critical information disclosure flaw within Fortinet FortiDLP software versions ranging from 12.0.0 through 12.0.5 and including 11.5.1 and 11.4.6 and 11.4.5. This issue stems from improper handling of sensitive data within log files, specifically allowing unauthorized disclosure when enrollment codes are reused by attackers. The vulnerability falls under the category of CWE-532, which addresses the insertion of sensitive information into log files, making it a direct concern for data protection and privacy compliance standards. The flaw exists in the logging mechanism of FortiDLP, which is designed to monitor and control data loss prevention activities within enterprise environments. When enrollment codes are processed and subsequently logged without proper sanitization, these codes become accessible to unauthorized parties who can then exploit them for further attacks.
The technical implementation of this vulnerability involves the software's failure to properly sanitize or redact sensitive enrollment codes during the logging process. This occurs when the system generates and stores these codes for user authentication or device enrollment purposes, but fails to ensure that such sensitive information does not appear in system logs or audit trails. The reuse aspect of this vulnerability is particularly concerning as it allows attackers to obtain valid enrollment codes from compromised log files and then leverage these codes to gain unauthorized access to the system. The attack vector is facilitated through log file access, which can occur through various means including direct system access, log file extraction, or through compromised accounts with sufficient privileges to view system logs. This creates a significant risk for organizations using FortiDLP as their primary data loss prevention solution, as the exposure of enrollment codes could lead to complete system compromise.
The operational impact of this vulnerability extends beyond simple information disclosure, as enrollment codes typically serve as critical access controls within the FortiDLP system. When these codes are exposed through log files, attackers can potentially bypass authentication mechanisms and gain unauthorized access to sensitive data monitoring capabilities. This compromise affects the integrity and confidentiality of the entire data loss prevention infrastructure, potentially allowing attackers to view, modify, or exfiltrate protected information. Organizations may face regulatory compliance violations under various standards including gdpr, hipaa, and pci dss due to the exposure of sensitive authentication tokens. The vulnerability also creates opportunities for lateral movement within networks, as compromised enrollment codes could be used to access additional FortiDLP components or systems that rely on similar authentication mechanisms. This flaw directly impacts the attack surface analysis framework as defined by the mitre att&ck matrix, specifically relating to credential access and privilege escalation techniques.
Organizations should implement immediate mitigations including enhanced log file access controls, regular log file audits, and the implementation of proper data sanitization procedures for sensitive information. The recommended approach involves configuring the FortiDLP system to either disable logging of enrollment codes or ensure that such codes are properly redacted from all system logs. Additionally, organizations should conduct comprehensive vulnerability assessments to identify any other sensitive information that might be inadvertently logged within their FortiDLP environments. The implementation of centralized log management systems with proper access controls can help prevent unauthorized access to sensitive log information while maintaining compliance with security standards. Regular patch management procedures should be implemented to ensure timely updates to FortiDLP software versions that contain fixes for this vulnerability. The remediation process should also include monitoring for any signs of exploitation attempts and implementing network segmentation to limit the potential impact of compromised enrollment codes. Organizations should also consider implementing additional authentication mechanisms beyond enrollment codes to reduce the risk associated with single points of failure in their authentication infrastructure.