PT-2025-42470 · Fortinet · Outlookproxy Plugin+1

Published: 2025-10-14 · Updated: 2025-10-21 · CVE-2025-54658

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Fortinet FortiDLP Agent versions 10.3.1, 10.4.0, 10.5.1, 11.0.1, 11.1.1 through 11.1.2, 11.2.0 through 11.2.3, 11.3.2 through 11.3.4, 11.4.2 through 11.4.6, and 11.5.1

Description
An improper limitation of a pathname to a restricted directory ('Path Traversal') exists in the Fortinet FortiDLP Agent's Outlookproxy plugin on macOS. An authenticated attacker can send a crafted request to a local listening port, potentially escalating their privileges to root.

Recommendations
Update Fortinet FortiDLP Agent to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Path traversal

Weakness Enumeration

Related identifiers

BDU:2026-05213
CVE-2025-54658

Affected products

Fortidlp Agent
Outlookproxy Plugin