CVE-2025-24473

CVE Database · CVE-2025-24473

CVE-2025-24473

· LOWModified

CVSS v3.1

3.7

EPSS

0.45%

Published

May 28, 2025

Modified

Jan 8, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-497

Affected Products (1)

fortinet · forticlient (up to 7.2.2)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-548

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs