{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-24473","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2025-01-21T20:48:07.886Z","datePublished":"2025-05-28T07:55:57.065Z","dateUpdated":"2026-01-14T09:15:52.786Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiClientWindows","cpes":["cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:forticlientwindows:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:forticlientwindows:7.0.13:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.13","lessThanOrEqual":"7.0.14","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-01-14T09:15:52.786Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-497","description":"Information disclosure","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiClientWindows version 7.2.2 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-548","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-548"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-28T13:31:03.709587Z","id":"CVE-2025-24473","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-28T13:31:09.136Z"}}]}}