HIGH🇵🇱 Wersja polska

CVE-2025-47761

CVSS 7.8v3.1pub. 2025-11-18upd. 2025-12-16

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Fortinet Forticlient

    APP
    Fortinet
    7.2.0 – 7.2.10 (bez)7.4.0 – 7.4.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2023-45590CRITICAL9.6PL ✓ten sam produkt

Code injection w Fortinet FortiClientLinux umożliwiający RCE

CVE-2019-17658CRITICAL9.8ten sam produkt

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and...

CVE-2026-24018HIGH7.8ten sam produkt

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, Forti...

CVE-2025-62676HIGH7.1ten sam produkt

An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fort...

CVE-2025-46373HIGH7.8ten sam produkt

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 throug...