[VULNERABILITY ALERT] Fortinet FortiFone Web Portal Contains a Critical Security Vulnerability (CVE-2025-47855)

• Subject: [VULNERABILITY ALERT] Fortinet FortiFone Web Portal Contains a Critical Security Vulnerability (CVE-2025-47855)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000009
  • FortiFone Web Portal is the centralized management interface for Fortinet's FortiVoice systems, used for remote configuration of telephone extensions and monitoring of call logs and system performance.
  • Recently, Fortinet released a critical security vulnerability announcement. This vulnerability (CVE-2025-47855, CVSS: 9.8) may allow an unauthenticated attacker to obtain device configurations through specially crafted HTTP or HTTPS requests, thereby accessing sensitive data.
• Affected Platforms:
  • FortiFone versions 3.0.13 to 3.0.23
  • FortiFone versions 7.0.0 to 7.0.1
• Recommended Actions:
  • Please update to the following versions: FortiFone version 3.0.24 (inclusive) or later; FortiFone version 7.0.2 (inclusive) or later.
• Reference Material:
  1. https://www.twcert.org.tw/tw/cp-169-10631-ea139-1.html

Computer and Communication Center
Network Systems Division, Respectfully