CVE-2025-24473
Last modified
CVE-2025-24473 is a low-severity vulnerability rated 3.7/10 on the CVSS scale. A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup). EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Forticlient | >= 7.2.0, < 7.2.2 |
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-548Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-24473?
How severe is CVE-2025-24473?
How do I fix CVE-2025-24473?
Are you affected by CVE-2025-24473?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST