CVE-2025-47761

Опубликовано: 18 нояб. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

Ссылки

https://fortiguard.fortinet.com/psirt/FG-IR-25-112
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*

Версия от 7.2.0 (включая) до 7.2.10 (исключая)

cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*

Версия от 7.4.0 (включая) до 7.4.4 (исключая)

EPSS

Процентиль: 5%

0.00021

Низкий

7.8 High

CVSS3

Дефекты

CWE-782

Связанные уязвимости

GHSA-j48r-9cxh-ccpx

CVSS3: 7.8

github

3 месяца назад

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

BDU:2025-14867

CVSS3: 7.8

fstec

3 месяца назад

Уязвимость средств защиты Fortinet FortiClientWindows, связанная с открытым IOCTL с недостаточным контролем доступа, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 5%

0.00021

Низкий

7.8 High

CVSS3

Дефекты

CWE-782