Back to KEVs

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from...

Basic Information

CVE State
PUBLISHED
Reserved Date
February 05, 2026
Published Date
February 05, 2026
Last Updated
February 09, 2026
Vendor
Fortinet
Product
FortiOS
Description
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not a default option.

CVSS Scores

CVSS v3.1

3.2 - LOW

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

SSVC Information

Exploitation
none
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:50:28 UTC) Source

References

https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwords https://docs.fortinet.com/document/fortimanager/7.6.6/administration-guide/30332/managing-fortigates-with-private-data-encryption

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:50:28 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel