CVE-2025-24473

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-548	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2025-05-28 08:15

Updated : 2026-01-08 22:16

NVD link : CVE-2025-24473

Mitre link : CVE-2025-24473

CVE.ORG link : CVE-2025-24473

JSON object : View

Products Affected

fortinet

forticlient

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

NVD-CWE-noinfo

{"id": "CVE-2025-24473", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2025-05-28T08:15:21.230", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-548", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-497"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)"}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n confidencial del sistema a una esfera de control no autorizada en Fortinet FortiClientWindows versiones 7.2.0 a 7.2.1 puede permitir que un atacante remoto no autorizado vea informaci\u00f3n de la aplicaci\u00f3n a trav\u00e9s de la navegaci\u00f3n a una p\u00e1gina web alojada, si Windows est\u00e1 configurado para aceptar conexiones entrantes al puerto 8053 (configuraci\u00f3n no predeterminada)"}], "lastModified": "2026-01-08T22:16:02.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "9E9DD222-9198-4E02-A086-2B24F06BBA53", "versionEndExcluding": "7.2.2", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}