CVE-2025-54660

CWE-4894 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 93.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlient Fortinet Forticlientwindows

Timeline

PublishedNov 18

Description

An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5fortinet/forticlientwindows7.4.0 — 7.4.3+2

▶NVDfortinet/forticlient7.0.0 — 7.2.11+1

🔴Vulnerability Details

CVEList

CVE-2025-54660: An active debug code vulnerability in Fortinet FortiClientWindows 7↗2025-11-18

▶

GHSA

GHSA-9qhw-j8ww-5hqr: An active debug code vulnerability in Fortinet FortiClientWindows 7↗2025-11-18

▶

📋Vendor Advisories

Fortinet

An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through...↗2025-11-18

▶