HIGH🇬🇧 English

CVE-2025-47761

CVSS 7.8v3.1pub. 2025-11-18upd. 2025-12-16

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Fortinet Forticlient

    APP
    Fortinet
    7.2.0 – 7.2.10 (bez)7.4.0 – 7.4.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
VPN
CWE
Referencje

Powiązane podatności

CVE-2023-45590CRITICAL9.6PL ✓ten sam produkt

Code injection w Fortinet FortiClientLinux umożliwiający RCE

CVE-2019-17658CRITICAL9.8ten sam produkt

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and...

CVE-2026-24018HIGH7.8ten sam produkt

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, Forti...

CVE-2025-62676HIGH7.1ten sam produkt

An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fort...

CVE-2025-46373HIGH7.8ten sam produkt

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 throug...