CVE-2025-46373 — Heap-based Buffer Overflow in Fortinet Forticlient

CWE-122 — Heap-based Buffer Overflow4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 96.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientwindows

Timeline

PublishedNov 18

Description

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5fortinet/forticlientwindows7.4.0 — 7.4.3+1

▶NVDfortinet/forticlient7.2.0 — 7.2.9+1

🔴Vulnerability Details

CVEList

CVE-2025-46373: A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7↗2025-11-18

▶

GHSA

GHSA-mjrx-5jw9-2x26: A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7↗2025-11-18

▶

📋Vendor Advisories

Fortinet

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, F...↗2025-11-18

▶