CVE-2025-24473
published 2025-05-28CVE-2025-24473: A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1…
low3.7CVSS 3.1
AVNACHPRNUINSUCLINAN
A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | forticlient | >= 7.2.0 < 7.2.2 | 7.2.2 |
| fortinet | forticlientwindows | — | — |
| fortinet | forticlientwindows | 7.0.13 – 7.0.14 | — |
| fortinet | forticlientwindows | 7.2.0 – 7.2.1 | — |
| fortinet | fortinet | — | — |