CVE-2025-24473

Summary

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientWindows7.2.0 <= 7.2.1affected
FortinetFortiClientWindows7.0.13 <= 7.0.14affected

Weaknesses

  • CWE-497: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References