CVE-2025-31365

Summary

An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientMac7.4.0 <= 7.4.3affected
FortinetFortiClientMac7.2.1 <= 7.2.8affected

Weaknesses

  • CWE-94: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References