CVE-2025-31365 | THREATINT

Description

An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.

PUBLISHED Reserved 2025-03-28 | Published 2025-10-14 | Updated 2025-10-16 | Assigner fortinet

MEDIUM: 5.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:X/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status

unaffected

7.4.0 (semver)

affected

7.2.1 (semver)

affected

References

fortiguard.fortinet.com/psirt/FG-IR-25-037

cve.org (CVE-2025-31365)

nvd.nist.gov (CVE-2025-31365)

Download JSON