Main Vulnerability Database SB2025111866

SB2025111866 - Exposed IOCTL with Insufficient Access Control in Fortinet FortiClient for Windows

Published: November 18, 2025

Security Bulletin ID SB2025111866

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Exposed IOCTL with Insufficient Access Control (CVE-ID: CVE-2025-47761)

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to exposed ioctl with insufficient access control via FortIPS driver. An authenticated local user can execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

Remediation

Install update from vendor's website.

References

https://www.fortiguard.com/psirt/FG-IR-25-112