POSTING DATE: 2026/01/16

[VULNERABILITY ALERT] Fortinet FortiFone Web Portal Contains a Critical Security Vulnerability (CVE-2025-47855)

  • Subject: [VULNERABILITY ALERT] Fortinet FortiFone Web Portal Contains a Critical Security Vulnerability (CVE-2025-47855)


  • Content Description:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000009
    • FortiFone Web Portal is the centralized management interface for Fortinet's FortiVoice systems, used for remote configuration of telephone extensions and monitoring of call logs and system performance.
    • Recently, Fortinet released a critical security vulnerability announcement. This vulnerability (CVE-2025-47855, CVSS: 9.8) may allow an unauthenticated attacker to obtain device configurations through specially crafted HTTP or HTTPS requests, thereby accessing sensitive data.
  • Affected Platforms:
    • FortiFone versions 3.0.13 to 3.0.23
    • FortiFone versions 7.0.0 to 7.0.1
  • Recommended Actions:
    • Please update to the following versions: FortiFone version 3.0.24 (inclusive) or later; FortiFone version 7.0.2 (inclusive) or later.
  • Reference Material:
    1. https://www.twcert.org.tw/tw/cp-169-10631-ea139-1.html

Computer and Communication Center
Network Systems Division, Respectfully