Exposed IOCTL with Insufficient Access Control in Fortinet FortiClient for Windows - CVE-2025-47761

 

Exposed IOCTL with Insufficient Access Control in Fortinet FortiClient for Windows - CVE-2025-47761

Published: November 18, 2025


Vulnerability identifier: #VU118597
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-47761
CWE-ID: CWE-782
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software:
Fortinet FortiClient for Windows

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to exposed ioctl with insufficient access control via FortIPS driver. An authenticated local user can execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.


How to mitigate CVE-2025-47761

Install update from vendor's website.

Sources