Fortinet Forticlient vulnerabilities

83 known vulnerabilities affecting fortinet/forticlient.

Total CVEs: 83
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 54, MEDIUM 24, LOW 4

Vulnerabilities

Page 1 of 5
CVE-2026-24018 | HIGH | CVSS 7.8 | Affected: ≥ 7.2.2, < 7.2.13; ≥ 7.4.0, < 7.4.5 | 2026-03-10
[HIGH] CWE-61: A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
Source: nvd

CVE-2025-62676 | HIGH | CVSS 7.1 | Affected: ≥ 7.0.0, < 7.2.13; ≥ 7.4.0, < 7.4.5 | 2026-02-10
[HIGH] CWE-59: An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pi
Source: nvd

CVE-2025-47761 | HIGH | CVSS 7.8 | Affected: ≥ 7.2.0, < 7.2.10; ≥ 7.4.0, < 7.4.4 | 2025-11-18
[HIGH] CWE-782: An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via the fortips driver. Success of the attack would require bypassing the Windows memory protections such as Hea
Source: nvd

CVE-2025-46373 | HIGH | CVSS 7.8 | Affected: ≥ 7.2.0, < 7.2.9; ≥ 7.4.0, < 7.4.4 | 2025-11-18
[HIGH] CWE-122: A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections
Source: nvd

CVE-2025-54660 | MEDIUM | CVSS 5.5 | Affected: ≥ 7.0.0, < 7.2.11; ≥ 7.4.0, < 7.4.4 | 2025-11-18
[MEDIUM] CWE-489: An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password.
Source: nvd

CVE-2025-57741 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.12; ≥ 7.4.0, < 7.4.4 | 2025-10-14
[HIGH] CWE-732: An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.
Source: nvd

CVE-2025-46774 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.10; ≥ 7.4.0, < 7.4.4 | 2025-10-14
[HIGH] CWE-347: An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
Source: nvd

CVE-2025-57716 | HIGH | CVSS 7.3 | Affected: ≥ 7.0.0, < 7.2.12; ≥ 7.4.0, < 7.4.4 | 2025-10-14
[MEDIUM] CWE-427: An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL in the FortiClient Online Installer installation folder.
Source: nvd

CVE-2025-31365 | HIGH | CVSS 7.1 | Affected: ≥ 7.2.1, < 7.2.9; ≥ 7.4.0, < 7.4.4 | 2025-10-14
[MEDIUM] CWE-94: An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
Source: nvd

CVE-2024-54019 | MEDIUM | CVSS 6.5 | Affected: ≥ 7.0.0, < 7.2.7; v7.4.0 | 2025-06-10
[MEDIUM] CWE-297: An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions may allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.
Source: nvd

CVE-2025-25251 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.9; ≥ 7.4.0, < 7.4.3 | 2025-05-28
[HIGH] CWE-863: An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
Source: nvd

CVE-2025-24473 | LOW | CVSS 3.7 | Affected: ≥ 7.2.0, < 7.2.2 | 2025-05-28
[LOW] CWE-497: An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to p
Source: nvd

CVE-2024-35281 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.9; ≥ 7.4.0, < 7.4.3 | 2025-05-13
[LOW] CWE-653: An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.
Source: nvd

CVE-2023-45588 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.6, < 7.0.11; ≥ 7.2.0, < 7.2.4 | 2025-03-14
[HIGH] CWE-73: An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
Source: nvd

CVE-2024-52968 | HIGH | CVSS 8.4 | Affected: ≥ 7.0.11, < 7.0.13; ≥ 7.2.3, < 7.2.5; +1 more | 2025-02-11
[MEDIUM] CWE-287: An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows an attacker to gain improper access to MacOS via an empty password.
Source: nvd

CVE-2024-40586 | MEDIUM | CVSS 6.7 | Affected: ≥ 7.0.3, < 7.0.14; ≥ 7.2.0, < 7.2.7; +1 more | 2025-02-11
[MEDIUM] CWE-284: An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate their privileges via the FortiSSLVPNd service pipe.
Source: nvd

CVE-2024-50564 | LOW | CVSS 3.3 | Affected: ≥ 6.4.0, < 7.2.9; v7.4.0 | 2025-01-14
[LOW] CWE-321: A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring a named pipe.
Source: nvd

CVE-2020-15934 | HIGH | CVSS 7.8 | Affected: ≥ 6.0.0, < 6.2.8; v6.4.0 | 2024-12-19
[HIGH] CWE-269: An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0 may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
Source: nvd

CVE-2024-50570 | MEDIUM | CVSS 5.0 | Affected: ≥ 7.0.0, < 7.0.14; ≥ 7.0.0, < 7.2.8; +3 more | 2024-12-18
[MEDIUM] CWE-312: A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve the VPN password via memory dump, due to JavaScript's garbage colle
Source: nvd

CVE-2024-47574 | HIGH | CVSS 7.8 | Affected: ≥ 6.4.0, < 7.0.13; ≥ 7.2.0, < 7.2.5; +1 more | 2024-11-13
[HIGH] CWE-288: An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
Source: nvd