PT-2025-47351 · Fortinet · Forticlientwindows+1

Published 2025-11-18 · Updated 2025-11-19 · CVE-2025-46373

CVSS v3.1: 7.8 High

Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiClientWindows versions 7.2.0 through 7.2.8
Fortinet FortiClientWindows versions 7.4.0 through 7.4.3

Description

A heap-based buffer overflow exists in Fortinet FortiClientWindows. A local IPSec user with authentication may be able to execute arbitrary code or commands through the 'fortips 74.sys' file. Successful exploitation requires bypassing Windows heap integrity protections.

Recommendations

Update FortiClientWindows to a version later than 7.4.3.
Update FortiClientWindows to a version later than 7.2.8.

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-14861
CVE-2025-46373

Affected Products

Forticlientwindows
Fortips 74.Sys