CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-25251
https://notcve.org/view.php?id=CVE-2025-25251
28 May 2025 — An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. • https://fortiguard.fortinet.com/psirt/FG-IR-25-016 • CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 32EXPL: 0CVE-2022-45856
https://notcve.org/view.php?id=CVE-2022-45856
10 Sep 2024 — An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the F... • https://fortiguard.fortinet.com/psirt/FG-IR-22-230 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-31489
https://notcve.org/view.php?id=CVE-2024-31489
10 Sep 2024 — AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiClientWindows 7... • https://fortiguard.fortinet.com/psirt/FG-IR-22-282 • CWE-295: Improper Certificate Validation •