CVE-2025-24473

A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)

Published: May 28, 2025
Updated: Jun 5, 2025
CVE: CVE-2025-24473
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-497

Affected Software
References

Software	From	Fixed in
fortinet / forticlient	7.2.0	7.2.2

https://fortiguard.fortinet.com/psirt/FG-IR-24-548

Vulnerability Database

289,599

CVE-2025-24473