CVE-2025-46774

CWE-3474 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 99.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientmac
Timeline
PublishedOct 14

Description

An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages2 packages

NVDfortinet/forticlient7.0.07.2.10+1
CVEListV5fortinet/forticlientmac7.4.07.4.2+2

🔴Vulnerability Details

2
GHSA
GHSA-8m8c-g2fv-f6hj: An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 72025-10-14
CVEList
CVE-2025-46774: An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 72025-10-14

📋Vendor Advisories

1
Fortinet
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2...2025-10-14
CVE-2025-46774 (HIGH CVSS 7.8) | An Improper Verification of Cryptog | cvebase.io