csaf_certbund - wid-sec-w-2025-1021

wid-sec-w-2025-1021

Vulnerability from csaf_certbund

Published

2025-05-13 22:00

Modified

2025-05-13 22:00

Summary

Fortinet FortiClient Mac, Windows, EMS und FortiVoice: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FortiClient ist ein Endgeräteschutz mit einem integrierten VPN-Client. FortiVoice Enterprise ist eine Unified Communications-Lösung.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Fortinet FortiClient und Fortinet FortiVoice ausnutzen, um beliebigen Code auszuführen, erhöhte Rechte zu erlangen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme

- MacOS X - Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FortiClient ist ein Endger\u00e4teschutz mit einem integrierten VPN-Client.\r\nFortiVoice Enterprise ist eine Unified Communications-L\u00f6sung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Fortinet FortiClient und Fortinet FortiVoice ausnutzen, um beliebigen Code auszuf\u00fchren, erh\u00f6hte Rechte zu erlangen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1021 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1021.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1021 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1021"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-025 vom 2025-05-13",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-25-016 vom 2025-05-13",
        "url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-548 vom 2025-05-13",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
      },
      {
        "category": "external",
        "summary": "FortiGuard PSIRT Advisory FG-IR-24-552 vom 2025-05-13",
        "url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
      }
    ],
    "source_lang": "en-US",
    "title": "Fortinet FortiClient Mac, Windows, EMS und FortiVoice: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-13T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-14T09:14:17.462+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1021",
      "initial_release_date": "2025-05-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Mac \u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiClient Mac \u003c7.4.3",
                  "product_id": "T043720"
                }
              },
              {
                "category": "product_version",
                "name": "Mac 7.4.3",
                "product": {
                  "name": "Fortinet FortiClient Mac 7.4.3",
                  "product_id": "T043720-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:forticlient:mac__7.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Mac \u003c7.2.9",
                "product": {
                  "name": "Fortinet FortiClient Mac \u003c7.2.9",
                  "product_id": "T043721"
                }
              },
              {
                "category": "product_version",
                "name": "Mac 7.2.9",
                "product": {
                  "name": "Fortinet FortiClient Mac 7.2.9",
                  "product_id": "T043721-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:forticlient:mac__7.2.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Mac 7.0",
                "product": {
                  "name": "Fortinet FortiClient Mac 7.0",
                  "product_id": "T043723",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:forticlient:mac_7.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Windows \u003c7.2.2",
                "product": {
                  "name": "Fortinet FortiClient Windows \u003c7.2.2",
                  "product_id": "T043724"
                }
              },
              {
                "category": "product_version",
                "name": "Windows 7.2.2",
                "product": {
                  "name": "Fortinet FortiClient Windows 7.2.2",
                  "product_id": "T043724-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:forticlient:windows__7.2.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EMS \u003c7.4.3",
                "product": {
                  "name": "Fortinet FortiClient EMS \u003c7.4.3",
                  "product_id": "T043725"
                }
              },
              {
                "category": "product_version",
                "name": "EMS 7.4.3",
                "product": {
                  "name": "Fortinet FortiClient EMS 7.4.3",
                  "product_id": "T043725-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:forticlient:ems__7.4.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "EMS Cloud 7.4",
                "product": {
                  "name": "Fortinet FortiClient EMS Cloud 7.4",
                  "product_id": "T043726",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:forticlient:ems_cloud_7.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiClient"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "UCDesktop 3.0",
                "product": {
                  "name": "Fortinet FortiVoice UCDesktop 3.0",
                  "product_id": "T043722",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortivoice:ucdesktop_3.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiVoice"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-35281",
      "product_status": {
        "known_affected": [
          "T043720",
          "T043721",
          "T043722",
          "T043723"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-35281"
    },
    {
      "cve": "CVE-2025-22859",
      "product_status": {
        "known_affected": [
          "T043725",
          "T043726"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-22859"
    },
    {
      "cve": "CVE-2025-24473",
      "product_status": {
        "known_affected": [
          "T043724"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-24473"
    },
    {
      "cve": "CVE-2025-25251",
      "product_status": {
        "known_affected": [
          "T043720",
          "T043721",
          "T043723"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-25251"
    }
  ]
}

CVE-2025-25251 (GCVE-0-2025-25251)

Vulnerability from cvelistv5

Published

2025-05-28 07:53

Modified

2025-05-29 03:55

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C

CWE

CWE-863 - Escalation of privilege

Summary

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.

References

►

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-016

Impacted products

	Vendor	Product	Version
	Fortinet	FortiClientMac	Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T03:55:41.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientMac",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.14",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T07:53:42.390Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-016",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-016"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientMac version 7.4.3 or above \nPlease upgrade to FortiClientMac version 7.2.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-25251",
    "datePublished": "2025-05-28T07:53:42.390Z",
    "dateReserved": "2025-02-05T13:31:18.866Z",
    "dateUpdated": "2025-05-29T03:55:41.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35281 (GCVE-0-2024-35281)

Vulnerability from cvelistv5

Published

2025-05-13 14:46

Modified

2025-05-13 15:17

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RC:R

CWE

CWE-653 - Execute unauthorized code or commands

Summary

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.

References

►

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-025

Impacted products

Vendor

Product

Version

►

Fortinet

FortiClientMac

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.8
Version: 7.0.0   ≤ 7.0.14

Fortinet

FortiVoiceUCDesktop

Version: 3.0.0 ≤ 3.0.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T15:17:53.581796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T15:17:58.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientMac",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.14",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiVoiceUCDesktop",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "3.0.16",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T14:46:42.574Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientMac version 7.4.3 or above \nPlease upgrade to FortiClientMac version 7.2.9 or above \nPlease upgrade to FortiVoiceUCDesktop version 7.0.0 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-35281",
    "datePublished": "2025-05-13T14:46:42.574Z",
    "dateReserved": "2024-05-14T21:15:19.190Z",
    "dateUpdated": "2025-05-13T15:17:58.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24473 (GCVE-0-2025-24473)

Vulnerability from cvelistv5

Published

2025-05-28 07:55

Modified

2025-05-28 13:31

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE

CWE-497 - Information disclosure

Summary

A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)

References

►

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-548

Impacted products

	Vendor	Product	Version
	Fortinet	FortiClientWindows	Version: 7.2.0 ≤ 7.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T13:31:03.709587Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T13:31:09.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientWindows",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T07:55:57.065Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-548",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-548"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientWindows version 7.2.2 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-24473",
    "datePublished": "2025-05-28T07:55:57.065Z",
    "dateReserved": "2025-01-21T20:48:07.886Z",
    "dateUpdated": "2025-05-28T13:31:09.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22859 (GCVE-0-2025-22859)

Vulnerability from cvelistv5

Published

2025-05-13 14:46

Modified

2025-05-13 15:17

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:C

CWE

CWE-23 - Execute unauthorized code or commands

Summary

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.

References

►

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-552

Impacted products

	Vendor	Product	Version
	Fortinet	FortiClientEMS	Version: 7.4.0 ≤ 7.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22859",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T15:17:35.244022Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T15:17:40.699Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientEMS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A\u00a0Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T14:46:42.743Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-552",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-552"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientEMS Cloud version 7.4.3 or above \nPlease upgrade to FortiClientEMS version 7.4.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-22859",
    "datePublished": "2025-05-13T14:46:42.743Z",
    "dateReserved": "2025-01-08T09:38:22.820Z",
    "dateUpdated": "2025-05-13T15:17:40.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-1021

Vulnerability from csaf_certbund

CVE-2025-25251 (GCVE-0-2025-25251)

Vulnerability from cvelistv5

CVE-2024-35281 (GCVE-0-2024-35281)

Vulnerability from cvelistv5

CVE-2025-24473 (GCVE-0-2025-24473)

Vulnerability from cvelistv5

CVE-2025-22859 (GCVE-0-2025-22859)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature