- Description
- A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections
- Source
- psirt@fortinet.com
- NVD status
- Modified
- Products
- forticlient
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 6
- Exploitability score
- 1.1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- psirt@fortinet.com
- CWE-122
- Hype score
- Not currently trending
⚠️Vulnerabilidades en productos Fortinet ❗CVE-2025-58692 ❗CVE-2025-47761 ❗CVE-2025-46373 ➡️Más info: https://t.co/udVw71WvfO https://t.co/EwPgEvC4jz
@CERTpy
26 Nov 2025
110 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-46373 A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authentic… https://t.co/GcPiXF1x54
@CVEnew
19 Nov 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5557A33B-0705-4621-B729-BD087AB315AA",
"versionEndExcluding": "7.2.9",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "51121FCA-2CA9-4B4B-A27C-C4729AB797BB",
"versionEndExcluding": "7.4.4",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]