CVE-2025-53950
Severity
6.0MEDIUM
EPSS
0.0%
top 97.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 16
Description
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0
Affected Packages2 packages
🔴Vulnerability Details
2GHSA▶
GHSA-9qmq-3p53-433j: An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS a↗2025-10-16
CVEList▶
CVE-2025-53950: An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS a↗2025-10-16
📋Vendor Advisories
1Fortinet▶
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's O...↗2025-10-16