CVE-2025-53950

Summary

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiDLP11.5.1affected
FortinetFortiDLP11.4.2 <= 11.4.6affected
FortinetFortiDLP11.3.2 <= 11.3.4affected
FortinetFortiDLP11.2.3affected
FortinetFortiDLP11.2.0affected
FortinetFortiDLP11.1.1 <= 11.1.2affected
FortinetFortiDLP11.0.1affected
FortinetFortiDLP10.5.1affected
FortinetFortiDLP10.4.0affected
FortinetFortiDLP10.3.1affected

Weaknesses

  • CWE-359: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References