#VU117213 Exposure of private information ('privacy violation') in FortiDLP Agent - CVE-2025-53950
Published: October 15, 2025
Vulnerability identifier: #VU117213
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-53950
CWE-ID:
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
FortiDLP Agent
FortiDLP Agent
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to exposure of private information ('privacy violation'). An authenticated windows administrator can collect current user's email information.
Remediation
Install update from vendor's website.