Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1 and FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).

PUBLISHED Reserved 2025-01-21 | Published 2025-05-28 | Updated 2026-01-14 | Assigner fortinet




MEDIUM: 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Problem types

Information disclosure

Product status

Default status
unaffected

7.2.0 (semver)
affected

7.0.13 (semver)
affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-548

cve.org (CVE-2025-24473)

nvd.nist.gov (CVE-2025-24473)