CVE-2025-62676

CWE-595 documents5 sources
Severity
7.1HIGH
EPSS
0.0%
top 99.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet ForticlientFortinet Forticlientwindows
Timeline
PublishedFeb 10

Description

An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5fortinet/forticlientwindows7.4.07.4.4+2
NVDfortinet/forticlient7.0.07.2.13+1

🔴Vulnerability Details

2
GHSA
GHSA-8cg4-rqg8-pcg3: An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 72026-02-10
CVEList
CVE-2025-62676: An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 72026-02-10

📋Vendor Advisories

1
Fortinet
Arbitrary XML file write in FCConfig2026-02-10

🕵️Threat Intelligence

1
Wiz
CVE-2025-62676 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-62676 (HIGH CVSS 7.1) | An Improper Link Resolution Before | cvebase.io