CVEFinder.io

CVE-2025-47761

⚠ī¸ high
🔍 Scan for this CVE
Summary

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

CVSS Score
7.8
High
EPSS Score
0.0
Exploit Probability
Published Date
2025-11-18
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.7% of all 321,566 vulnerabilities in our database.

#97,378
Above average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Nov 18, 2025
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-12-16
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-782

đŸ“Ļ Affected Products 2

Vendor Product Status Affected Versions
fortinet forticlient Affected
≥ 7.2.0 < 7.2.10
fortinet forticlient Affected
≥ 7.4.0 < 7.4.4

🔗 References 1

https://fortiguard.fortinet.com/psirt/FG-IR-25-112
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-44278 ℹī¸ low 2.3 0.0 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindo... 2026-05-12
CVE-2026-24018 ⚠ī¸ high 7.8 0.0 A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinu... 2026-03-10
CVE-2025-62676 ⚠ī¸ high 7.1 0.0 An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet Forti... 2026-02-10
CVE-2025-46373 ⚠ī¸ high 7.8 0.0 A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, F... 2025-11-18
CVE-2025-54660 đŸ”ļ medium 5.5 0.0 An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through ... 2025-11-18
CVE-2025-31365 đŸ”ļ medium 5.8 0.0 An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.... 2025-10-14
These CVEs affect the same products