
CVE-2025-25251
https://notcve.org/view.php?id=CVE-2025-25251
28 May 2025 — An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. • https://fortiguard.fortinet.com/psirt/FG-IR-25-016 • CWE-863: Incorrect Authorization •

CVE-2024-35281
https://notcve.org/view.php?id=CVE-2024-35281
13 May 2025 — An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables. • https://fortiguard.fortinet.com/psirt/FG-IR-24-025 • CWE-653: Improper Isolation or Compartmentalization •

CVE-2024-52968
https://notcve.org/view.php?id=CVE-2024-52968
11 Feb 2025 — An improper authentication vulnerability in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows an attacker to gain improper access to MacOS via an empty password. • https://fortiguard.fortinet.com/psirt/FG-IR-24-300 • CWE-287: Improper Authentication •

CVE-2024-50570
https://notcve.org/view.php?id=CVE-2024-50570
18 Dec 2024 — A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve the VPN password via a memory dump, due to JavaScript's garbage collector. • https://fortiguard.fortinet.com/psirt/FG-IR-23-278 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2024-40592
https://notcve.org/view.php?id=CVE-2024-40592
12 Nov 2024 — An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. • https://fortiguard.fortinet.com/psirt/FG-IR-24-022 • CWE-347: Improper Verification of Cryptographic Signature •