FORTINET Security Advisory
Published Date: October 14, 2025 | Revised June 8, 2026
Advisory Summary
A newly identified vulnerability in FortiOS, rated with a CVSSv3 score of 2.6, involves the insertion of sensitive two-factor authentication (2FA) information into log files and the output of diagnostic commands. This CWE-532 weakness could potentially expose sensitive 2FA details to any user or attacker with at least read-only access to the system logs.
While the risk score is moderate, the exposure of 2FA information in logs is a critical security concern since it could assist in circumventing multifactor authentication protections indirectly. Organizations using FortiOS should promptly review their logging and diagnostic access policies and apply any patches or mitigations issued by Fortinet to prevent unauthorized visibility into these sensitive authentication components.
- Review and restrict user access rights to logs and diagnostic commands.
- Stay updated with Fortinet’s security advisories for patches addressing this issue.
- Audit logging configurations to minimize sensitive information exposure.
This incident underscores the importance of secure logging practices and continual monitoring of security updates in infrastructure components.
Reference: Vendor Advisory