216.73.217.98

CVE-2025-47761

· Published 18/11/2025 17:16 · Modified 16/12/2025 11:15

Labels: CVE-2025-47761 2025-11-18CVE-2025-47761CWE-782[email protected]

Essential information

Published
18/11/2025 17:16
Modified
16/12/2025 11:15
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / forticlient cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
fortinet / forticlient cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*

References