CVE-2025-24473

EPSS 0.04%
Veröffentlicht 28.05.2025 07:55:57
Zuletzt bearbeitet 08.01.2026 22:16:02
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ FortiClient SwPlatformwindows Version >= 7.2.0 < 7.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
psirt@fortinet.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://fortiguard.fortinet.com/psirt/FG-IR-24-548

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-24473

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-24473

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-24473

EUVD