CVE-2025-47761

CWE-782 | 4 documents | 4 sources
Severity: 7.8 HIGH
EPSS: 0.0% (top 92.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 18

Description

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3 and FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via the fortips driver. A successful attack would require bypassing Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.1 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5 | fortinet/forticlientwindows | 7.4.0 | 7.4.3 | +1
NVD | fortinet/forticlient | 7.2.0 | 7.2.10 | +1

🔴 Vulnerability Details (2)

CVEList | CVE-2025-47761: An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7 | 2025-11-18
GHSA | GHSA-j48r-9cxh-ccpx: An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7 | 2025-11-18

📋 Vendor Advisories (1)

Fortinet | An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7... | 2025-11-18
CVE-2025-47761 (HIGH CVSS 7.8) | An Exposed IOCTL with Insufficient | cvebase.io