CVE-2025-57716

CWE-427 | 4 documents | 4 sources
Severity: 7.3 HIGH
EPSS: 0.0% (top 95.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14

Description

An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low-privileged user to perform a DLL hijacking attack by placing a malicious DLL in the FortiClient Online Installer installation folder.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | fortinet/forticlientwindows | 7.4.0 | 7.4.3 | +2
NVD | fortinet/forticlient | 7.0.0 | 7.2.12 | +1

🔴 Vulnerability Details (2)

CVEList | CVE-2025-57716: An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7 | 2025-10-14
GHSA | GHSA-4gcf-xhrj-g4gq: An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7 | 2025-10-14

📋 Vendor Advisories (1)

Fortinet | An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7... | 2025-10-14
CVE-2025-57716 (HIGH CVSS 7.3) | An Uncontrolled Search Path Element | cvebase.io