CVE-2025-62676 MEDIUM

CVE-2025-62676

Vendor Fortinet
Product FortiClientWindows
Weakness CWE-59
Published February 10, 2026
Last update February 26, 2026

CVSS base score

6.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.

Key dates

02Disclosure timeline

February 10, 2026 CVE published
February 26, 2026 Record updated