CVE-2025-31365

CWE-94 — Code Injection4 documents4 sources

Severity

7.1HIGH

EPSS

0.1%

top 78.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientmac

Timeline

PublishedOct 14

Description

An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5fortinet/forticlientmac7.4.0 — 7.4.3+1

▶NVDfortinet/forticlient7.2.1 — 7.2.9+1

🔴Vulnerability Details

CVEList

CVE-2025-31365: An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7↗2025-10-14

▶

GHSA

GHSA-9h7f-3j8v-pcfj: An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7↗2025-10-14

▶

📋Vendor Advisories

Fortinet

An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4...↗2025-10-14

▶