CVE-2025-24473
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Summary
A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | FortiClientWindows | 7.2.0 <= 7.2.1 | affected |
| Fortinet | FortiClientWindows | 7.0.13 <= 7.0.14 | affected |
Weaknesses
- CWE-497: Information disclosure
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.