CVE-2025-25251

HIGH7.4Auth bypass

Description

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Physical

Changed

Affected products

fortinet / forticlientmac7.4.0 – 7.4.2
fortinet / forticlientmac7.2.0 – 7.2.8
fortinet / forticlientmac7.0.0 – 7.0.14

References

VENDOR_ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-25-016