Main Vulnerability Database Vulnerabilities #VU109046

Exposure of Sensitive System Information to an Unauthorized Control Sphere in Fortinet FortiClient for Windows - CVE-2025-24473

Published: May 13, 2025

Vulnerability identifier: #VU109046

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-24473

CWE-ID: CWE-497

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
Fortinet FortiClient for Windows

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere of FCT installation directory publicly accessible. An unauthorized remote attacker can view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).

How to mitigate CVE-2025-24473

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-24-548

Exposure of Sensitive System Information to an Unauthorized Control Sphere in Fortinet FortiClient for Windows - CVE-2025-24473

Detailed vulnerability description

How to mitigate CVE-2025-24473

Sources

Please verify you're human