SB2025051367 - Exposure of Sensitive System Information to an Unauthorized Control Sphere in Fortinet FortiClient for Windows 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025051367

SB2025051367 - Exposure of Sensitive System Information to an Unauthorized Control Sphere in Fortinet FortiClient for Windows

Published: May 13, 2025

Security Bulletin ID SB2025051367
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2025-24473)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere of FCT installation directory publicly accessible. An unauthorized remote attacker can view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup).


Remediation

Install update from vendor's website.

References