CVE-2025-31365
published 2025-10-14CVE-2025-31365: An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an…
high7.1CVSS 3.1
AVNACLPRNUIRSCCLILAL
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | forticlient | >= 7.2.1 < 7.2.9 | 7.2.9 |
| fortinet | forticlient | >= 7.4.0 < 7.4.4 | 7.4.4 |
| fortinet | forticlientmac | — | — |
| fortinet | forticlientmac | 7.2.1 – 7.2.8 | — |
| fortinet | forticlientmac | 7.4.0 – 7.4.3 | — |