CVE-2025-24473

CWE-497 | 4 documents | 4 sources
Severity: 3.7 LOW
EPSS: 0.2% (top 58.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 28

Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1 and FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | fortinet/forticlientwindows | 7.2.0 | 7.2.1 | +1
NVD | fortinet/forticlient | 7.2.0 | 7.2.2

🔴 Vulnerability Details (2)

GHSA | GHSA-v579-4342-cjrp: An exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7 | 2025-05-28
CVEList | CVE-2025-24473: An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7 | 2025-05-28

📋 Vendor Advisories (1)

Fortinet | An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindow... | 2025-05-28
CVE-2025-24473 (LOW CVSS 3.7) | An exposure of sensitive system info | cvebase.io