Main Vulnerability Database Vulnerabilities #VU109046

#VU109046 Exposure of Sensitive System Information to an Unauthorized Control Sphere in Fortinet FortiClient for Windows - CVE-2025-24473

Published: May 13, 2025

Vulnerability identifier: #VU109046

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-24473

CWE-ID: CWE-497

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Fortinet FortiClient for Windows

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere of FCT installation directory publicly accessible. An unauthorized remote attacker can view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-24-548

#VU109046 Exposure of Sensitive System Information to an Unauthorized Control Sphere in Fortinet FortiClient for Windows - CVE-2025-24473

Description

Remediation

External links

Please verify you're human