Main Vulnerability Database Vulnerabilities #VU117142

Code Injection in FortiClient (macOS) - CVE-2025-31365

Published: October 15, 2025

Vulnerability identifier: #VU117142

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-31365

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiClient (macOS)

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper control of generation of code ('code injection') in login window. An unauthenticated attacker can execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.

How to mitigate CVE-2025-31365

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-25-037

Code Injection in FortiClient (macOS) - CVE-2025-31365

Detailed vulnerability description

How to mitigate CVE-2025-31365

Sources

Please verify you're human