Fortinet FortiClientMac vulnerabilities
15 known vulnerabilities affecting fortinet/forticlientmac.
Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 10, MEDIUM 4, LOW 1
Vulnerabilities
CVE-2025-31365 | HIGH | CVSS 7.1 | ≥ 7.4.0, ≤ 7.4.3 | ≥ 7.2.1, ≤ 7.2.8 | 2025-10-14
CVE-2025-31365 [MEDIUM] CWE-94
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
Sources: cvelistv5, nvd

CVE-2025-46774 | HIGH | CVSS 7.8 | ≥ 7.4.0, ≤ 7.4.2 | ≥ 7.2.0, ≤ 7.2.9 | +1 more | 2025-10-14
CVE-2025-46774 [HIGH] CWE-347
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
Sources: cvelistv5, nvd

CVE-2025-57741 | HIGH | CVSS 7.8 | ≥ 7.4.0, ≤ 7.4.3 | ≥ 7.2.0, ≤ 7.2.11 | +1 more | 2025-10-14
CVE-2025-57741 [HIGH] CWE-732
An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.
Sources: cvelistv5, nvd

CVE-2025-25251 | HIGH | CVSS 7.8 | ≥ 7.4.0, ≤ 7.4.2 | ≥ 7.2.0, ≤ 7.2.8 | +1 more | 2025-05-28
CVE-2025-25251 [HIGH] CWE-863
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
Sources: cvelistv5, nvd

CVE-2024-35281 | HIGH | CVSS 7.8 | ≥ 7.4.0, ≤ 7.4.2 | ≥ 7.2.0, ≤ 7.2.8 | +1 more | 2025-05-13
CVE-2024-35281 [LOW] CWE-653
An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.
Sources: cvelistv5, nvd

CVE-2023-45588 | HIGH | CVSS 7.8 | ≥ 7.2.0, ≤ 7.2.3 | ≥ 7.0.6, ≤ 7.0.10 | 2025-03-14
CVE-2023-45588 [HIGH] CWE-73
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
Sources: cvelistv5, nvd

CVE-2024-52968 | HIGH | CVSS 8.4 | v7.4.0 | ≥ 7.2.3, ≤ 7.2.4 | +1 more | 2025-02-11
CVE-2024-52968 [MEDIUM] CWE-287
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.
Sources: cvelistv5, nvd

CVE-2024-50570 | MEDIUM | CVSS 5.0 | ≥ 7.4.0, ≤ 7.4.2 | ≥ 7.2.0, ≤ 7.2.7 | +1 more | 2024-12-18
CVE-2024-50570 [MEDIUM] CWE-312
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage colle
Sources: cvelistv5, nvd

CVE-2024-40592 | MEDIUM | CVSS 6.7 | v7.4.0 | ≥ 7.2.0, ≤ 7.2.4 | +2 more | 2024-11-12
CVE-2024-40592 [HIGH] CWE-347
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.
Sources: cvelistv5, nvd

CVE-2024-31489 | HIGH | CVSS 8.1 | ≥ 7.2.0, ≤ 7.2.4 | ≥ 7.0.0, ≤ 7.0.11 | 2024-09-10
CVE-2024-31489 [MEDIUM] CWE-295
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel betwe
Sources: cvelistv5, nvd

CVE-2022-45856 | MEDIUM | CVSS 5.9 | ≥ 7.2.0, ≤ 7.2.4 | ≥ 7.0.0, ≤ 7.0.13 | +1 more | 2024-09-10
CVE-2022-45856 [MEDIUM] CWE-295
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 a
Sources: cvelistv5, nvd

CVE-2024-31492 | HIGH | CVSS 7.8 | ≥ 7.2.0, ≤ 7.2.3 | ≥ 7.0.6, ≤ 7.0.10 | 2024-04-10
CVE-2024-31492 [HIGH] CWE-73
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
Sources: cvelistv5, nvd

CVE-2023-37939 | LOW | CVSS 3.3 | ≥ 7.2.0, ≤ 7.2.1 | ≥ 7.0.0, ≤ 7.0.9 | +2 more | 2023-10-10
CVE-2023-37939 [LOW] CWE-200
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated
Sources: cvelistv5, nvd

CVE-2023-22635 | HIGH | CVSS 7.8 | ≥ 7.0.0, ≤ 7.0.7 | ≥ 6.4.0, ≤ 6.4.10 | +9 more | 2023-04-11
CVE-2023-22635 [HIGH] CWE-494
A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgr
Sources: cvelistv5, nvd

CVE-2019-5585 | MEDIUM | CVSS 6.1 | v6.0.4 | v6.0.3 | +2 more | 2019-04-09
CVE-2019-5585 [MEDIUM]
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes.
Sources: cvelistv5, nvd