CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-25251
https://notcve.org/view.php?id=CVE-2025-25251
28 May 2025 — An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. • https://fortiguard.fortinet.com/psirt/FG-IR-25-016 • CWE-863: Incorrect Authorization •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35281
https://notcve.org/view.php?id=CVE-2024-35281
13 May 2025 — An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables. • https://fortiguard.fortinet.com/psirt/FG-IR-24-025 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45588
https://notcve.org/view.php?id=CVE-2023-45588
14 Mar 2025 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52968
https://notcve.org/view.php?id=CVE-2024-52968
11 Feb 2025 — An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. • https://fortiguard.fortinet.com/psirt/FG-IR-24-300 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50570
https://notcve.org/view.php?id=CVE-2024-50570
18 Dec 2024 — A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector • https://fortiguard.fortinet.com/psirt/FG-IR-23-278 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40592
https://notcve.org/view.php?id=CVE-2024-40592
12 Nov 2024 — An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and ... • https://fortiguard.fortinet.com/psirt/FG-IR-24-022 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.9EPSS: 0%CPEs: 32EXPL: 0CVE-2022-45856
https://notcve.org/view.php?id=CVE-2022-45856
10 Sep 2024 — An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the F... • https://fortiguard.fortinet.com/psirt/FG-IR-22-230 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-31489
https://notcve.org/view.php?id=CVE-2024-31489
10 Sep 2024 — AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiClientWindows 7... • https://fortiguard.fortinet.com/psirt/FG-IR-22-282 • CWE-295: Improper Certificate Validation •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31492
https://notcve.org/view.php?id=CVE-2024-31492
10 Apr 2024 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. Un control externo de la vulnerabilidad de nombre de archivo o ruta [CWE-73] en FortiClientMac versión 7.2.3 y anteriores, versión 7.0.10 y el instalador inferior puede permitir a un atacante local ejecutar códig... • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •