CVE-2025-24473 MEDIUM

Vendor Fortinet
Product FortiClientWindows
Weakness CWE-497
Published May 28, 2025
Last update January 14, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

What the vulnerability does

01 Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1 and FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).

Key dates

02 Disclosure timeline

May 28, 2025 CVE published
January 14, 2026 Record updated