Fortinet Forticlientwindows
By the Year
In 2026 there has been 1 vulnerability in Fortinet Forticlientwindows with an average score of 6.4 out of ten. Last year, in 2025, Forticlientwindows had 5 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Forticlientwindows in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.42.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.40 |
| 2025 | 5 | 5.98 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.40 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.50 |
| 2020 | 1 | 0.00 |
It may take a day or so for new Forticlientwindows vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fortinet Forticlientwindows Security Vulnerabilities
FortiClient Windows 7.x Improper Link Resolution CVE-2025-62676
CVE-2025-62676
6.4 - Medium
- February 10, 2026
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.
insecure temporary file
FortiClient Windows 7.4.0-7.4.3 Debug Code PrivEsc
CVE-2025-54660
4.9 - Medium
- November 18, 2025
An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password.
Active Debug Code
FortiClient 7.2.0-7.4.3 Heap Overflow in fortips_74.sys (CWE122)
CVE-2025-46373
7.1 - High
- November 18, 2025
A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections.
Heap-based Buffer Overflow
FortiClient Windows IOCTL Access Control Bypass 7.4.0-7.4.3 via fortips driver
CVE-2025-47761
7.1 - High
- November 18, 2025
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.
Exposed IOCTL with Insufficient Access Control
FortiClient DLL Hijack via Uncontrolled Search Path v7.0-7.4.3
CVE-2025-57716
6 - Medium
- October 14, 2025
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low-privileged user to perform a DLL hijacking attack by placing a malicious DLL in the FortiClient Online Installer installation folder.
DLL preloading
Fortinet FortiClient Windows: Info Disclosure via Port 8053 (7.2.0-7.2.1)
CVE-2025-24473
4.8 - Medium
- May 28, 2025
An exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).
Exposure of Sensitive System Information to an Unauthorized Control Sphere
FortiClient Windows 7.0.9 Untrusted Search Path DLL Hijack via OpenSSL Engine
CVE-2023-41840
7.4 - High
- November 14, 2023
An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.
Untrusted Path
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may
CVE-2021-41028
7.5 - High
- December 16, 2021
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
Use of Hard-coded Credentials
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior
CVE-2019-17658
- March 12, 2020
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path.
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0
CVE-2017-7344
- December 14, 2017
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows an attacker to gain privilege by exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.