#VU118597 Exposed IOCTL with Insufficient Access Control in Fortinet FortiClient for Windows - CVE-2025-47761
Published: November 18, 2025
Vulnerability identifier: #VU118597
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-47761
CWE-ID: CWE-782
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Fortinet FortiClient for Windows
Fortinet FortiClient for Windows
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to exposed ioctl with insufficient access control via FortIPS driver. An authenticated local user can execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.
Remediation
Install update from vendor's website.