
Fortinet FortiClient vulnerabilities

91 known vulnerabilities affecting fortinet/forticlient.

Total CVEs: 91
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 54, MEDIUM 31, LOW 5

Vulnerabilities

Page 1 of 5
CVE-2026-44278 | MEDIUM | CVSS 5.5 | Affected: ≥ 7.2.0, < 7.4.3 | Date: 2026-05-12
CWE-321. A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow an attacker to disclose information via
Sources: NVD
CVE-2026-24018 | HIGH | CVSS 7.8 | Affected: ≥ 7.2.2, < 7.2.13; ≥ 7.4.0, < 7.4.5 | Date: 2026-03-10
CWE-61. A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
Sources: NVD, Fortinet
CVE-2025-62676 | HIGH | CVSS 7.1 | Affected: ≥ 7.0.0, < 7.2.13; ≥ 7.4.0, < 7.4.5 | Date: 2026-02-10
CWE-59. An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pi
Sources: NVD, Fortinet
CVE-2025-47761 | HIGH | CVSS 7.8 | Affected: ≥ 7.2.0, < 7.2.10; ≥ 7.4.0, < 7.4.4 | Date: 2025-11-18
CWE-782. An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via the fortips driver. Success of the attack would require bypassing the Windows memory protections such as Hea
Sources: NVD, Fortinet
CVE-2025-46373 | HIGH | CVSS 7.8 | Affected: ≥ 7.2.0, < 7.2.9; ≥ 7.4.0, < 7.4.4 | Date: 2025-11-18
CWE-122. A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections
Sources: NVD, Fortinet
CVE-2025-54660 | MEDIUM | CVSS 5.5 | Affected: ≥ 7.0.0, < 7.2.11; ≥ 7.4.0, < 7.4.4 | Date: 2025-11-18
CWE-489. An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password
Sources: NVD, Fortinet
CVE-2025-31365 | HIGH | CVSS 7.1 | Affected: ≥ 7.2.1, < 7.2.9; ≥ 7.4.0, < 7.4.4 | Date: 2025-10-14
CWE-94. An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
Sources: NVD, Fortinet
CVE-2025-57741 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.12; ≥ 7.4.0, < 7.4.4 | Date: 2025-10-14
CWE-732. An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.
Sources: NVD, Fortinet
CVE-2025-57716 | HIGH | CVSS 7.3 | Affected: ≥ 7.0.0, < 7.2.12; ≥ 7.4.0, < 7.4.4 | Date: 2025-10-14
CWE-427. An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL in the FortiClient Online Installer installation folder.
Sources: NVD, Fortinet
CVE-2025-46774 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.10; ≥ 7.4.0, < 7.4.4 | Date: 2025-10-14
CWE-347. An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
Sources: NVD, Fortinet
CVE-2025-24471 | MEDIUM | CVSS 6.5 | Date: 2025-06-10
CWE-295. FG-IR-24-544: eap-cert-auth bypass via revoked certificate. An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
Affected products: FortiClient, FortiOS, FortiSase
Sources: Fortinet
CVE-2024-54019 | MEDIUM | CVSS 6.5 | Affected: ≥ 7.0.0, < 7.2.7; v7.4.0 | Date: 2025-06-10
CWE-297. An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allows an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.
Sources: NVD, Fortinet
CVE-2025-25251 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.9; ≥ 7.4.0, < 7.4.3 | Date: 2025-05-28
CWE-863. An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
Sources: NVD, Fortinet
CVE-2025-24473 | LOW | CVSS 3.7 | Affected: ≥ 7.2.0, < 7.2.2 | Date: 2025-05-28
CWE-497. An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to p
Sources: NVD, Fortinet
CVE-2024-35281 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.0, < 7.2.9; ≥ 7.4.0, < 7.4.3 | Date: 2025-05-13
CWE-653. An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.
Sources: NVD, Fortinet
CVE-2025-22855 | LOW | CVSS 2.7 | Date: 2025-04-08
CWE-79. FG-IR-23-344: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing j
Sources: Fortinet
CVE-2019-16149 | MEDIUM | CVSS 5.5 | Date: 2025-03-28
CWE-79. FG-IR-19-072: An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of
Sources: Fortinet
CVE-2020-9295 | MEDIUM | CVSS 4.7 | Date: 2025-03-17
CWE-358. FG-IR-20-037: FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect ce
Sources: Fortinet
CVE-2023-45588 | HIGH | CVSS 7.8 | Affected: ≥ 7.0.6, < 7.0.11; ≥ 7.2.0, < 7.2.4 | Date: 2025-03-14
CWE-73. An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
Sources: NVD, Fortinet
CVE-2024-52968 | HIGH | CVSS 8.4 | Affected: ≥ 7.0.11, < 7.0.13; ≥ 7.2.3, < 7.2.5; +1 more | Date: 2025-02-11
CWE-287. An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows an attacker to gain improper access to MacOS via empty password.
Sources: NVD, Fortinet
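The affected-version column on this listing is printed as concatenated comparison fragments (for example "≥ 7.2.2, < 7.2.13≥ 7.4.0, < 7.4.5", or "v7.4.0" when a single build is pinned), which is awkward to match against an installed build by eye. The Python below is an added example, not code from this listing, from NVD or from Fortinet: it parses that notation and reports which of a hand-copied subset of the rows above cover a given installed FortiClient version. The LISTING table is constructed from this page and is not the full 91-entry set, and the installed version strings in main() are made up for the demonstration. One caveat the rows themselves show: the range column and the advisory text do not always agree (the CVE-2025-46774 row gives < 7.4.4 while its description says installer 7.4.2 and below), so use the range column as a first filter and the vendor advisory as the final word.

```python
"""Match an installed FortiClient version against affected-version ranges
written the way this listing prints them, e.g.
"≥ 7.2.2, < 7.2.13≥ 7.4.0, < 7.4.5" or "≥ 7.0.0, < 7.2.7v7.4.0".

Added example. LISTING is a hand-copied subset of the rows on this page;
the installed versions used in main() are made up for the demo.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]
# (lower bound inclusive or None, upper bound or None, upper bound inclusive?)
Range = Tuple[Optional[Version], Optional[Version], bool]

# One comparison operator followed by a dotted version. "v7.4.0" is how the
# listing pins a single affected build instead of giving a range.
TOKEN_RE = re.compile(r"(>=|≥|<|v)\s*(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Version:
    """'7.2' -> (7, 2, 0). Pad to three components so a bare train such as
    7.2 compares as 7.2.0 instead of sorting below it."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version format: {text!r}")
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2])


def parse_ranges(spec: str) -> List[Range]:
    """Split the concatenated range column into (lo, hi, hi_inclusive) tuples.
    A '≥' opens a range and the next '<' closes it; 'v' pins one version."""
    ranges: List[Range] = []
    lo: Optional[Version] = None
    for op, ver in TOKEN_RE.findall(spec):
        v = parse_version(ver)
        if op in (">=", "≥"):
            if lo is not None:  # previous '≥' never got a '<': open-ended
                ranges.append((lo, None, False))
            lo = v
        elif op == "<":
            ranges.append((lo, v, False))
            lo = None
        else:  # 'v': exactly this version
            ranges.append((v, v, True))
    if lo is not None:
        ranges.append((lo, None, False))
    return ranges


def is_affected(installed: str, spec: str) -> bool:
    """True if the installed version falls inside any range in spec."""
    v = parse_version(installed)
    for lo, hi, hi_inclusive in parse_ranges(spec):
        if lo is not None and v < lo:
            continue
        if hi is not None and (v > hi if hi_inclusive else v >= hi):
            continue
        return True
    return False


# Constructed subset of this page: (CVE, platform, range column as printed).
LISTING = [
    ("CVE-2026-44278", "FortiClientWindows", "≥ 7.2.0, < 7.4.3"),
    ("CVE-2026-24018", "FortiClientLinux", "≥ 7.2.2, < 7.2.13≥ 7.4.0, < 7.4.5"),
    ("CVE-2025-62676", "FortiClientWindows", "≥ 7.0.0, < 7.2.13≥ 7.4.0, < 7.4.5"),
    ("CVE-2025-47761", "FortiClientWindows", "≥ 7.2.0, < 7.2.10≥ 7.4.0, < 7.4.4"),
    ("CVE-2024-54019", "FortiClientWindows", "≥ 7.0.0, < 7.2.7v7.4.0"),
    ("CVE-2025-24473", "FortiClientWindows", "≥ 7.2.0, < 7.2.2"),
]


def matching_cves(platform: str, installed: str) -> List[str]:
    """CVE IDs from LISTING whose range column covers `installed` on `platform`,
    in listing order."""
    return [
        cve for cve, plat, spec in LISTING
        if plat == platform and is_affected(installed, spec)
    ]


if __name__ == "__main__":
    # Made-up installed versions for the demonstration.
    for platform, installed in [("FortiClientWindows", "7.4.3"),
                                ("FortiClientWindows", "7.4.5"),
                                ("FortiClientLinux", "7.2.12")]:
        hits = matching_cves(platform, installed)
        print(f"{platform} {installed}: "
              f"{', '.join(hits) if hits else 'no listed CVE matches'}")
```

Feeding the real installed build (for FortiClientWindows, the version shown in the client's About dialog or the installed-programs list) into matching_cves gives a quick first pass over the rows copied into LISTING; extending LISTING to all five pages of the listing is a copy-paste exercise because the parser already handles the notation as printed, including the pinned "v7.4.0" form in the CVE-2024-54019 row.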