PT-2025-47357 · Fortinet · Forticlientwindows

Published

2025-11-18

Updated

2025-11-19

CVE-2025-54660

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Fortinet FortiClientWindows versions 7.0.0 through 7.4.3 Fortinet FortiClientWindows version 7.2.0 through 7.2.10

Description A debug code issue exists in FortiClientWindows that could allow a local attacker to execute the application step by step and obtain the stored VPN user password. The issue involves leftover debug code that exposes VPN credentials.

Recommendations FortiClientWindows versions 7.0.0 through 7.4.3 should be updated. FortiClientWindows versions 7.2.0 through 7.2.10 should be updated.

Fix

LPE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-489

Related Identifiers

BDU:2025-14870

CVE-2025-54660

Affected Products

Forticlientwindows

PT-2025-47357 · Fortinet · Forticlientwindows

CVE-2025-54660

Weakness Enumeration

Related Identifiers

Affected Products

References · 8