CVE-2025-47761

Published Nov 18, 2025

Last updated 3 months ago

CVSS high 7.8

Overview

Description
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.
Source
psirt@fortinet.com
NVD status
Modified
Products
forticlient

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
6
Exploitability score
1.1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@fortinet.com
CWE-782

Social media

Hype score
Not currently trending

  1. https://t.co/P9QiEvkceQ Highly dangerous vulnerabilities in FortiClient Windows The FortiGuard Labs security page warns of a highly dangerous vulnerability in FortiClient Windows. Fortinet lists the vulnerability under CVE-2025-47761, with a CVSS v3.1 score of 7.8. The update

    @B2bCyber

    30 Nov 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Hochgefährliche Schwachstellen in FortiClient Windows https://t.co/tiTE6cPkl9 Die Security-Seite der FortiGuard Labs warnt vor einer hochgefährlichen Schwachstelle in FortiClient Windows. Fortinet führt unter der CVE-2025-47761 die Schwachstelle mit einem CVSS-v3.1-Wert von

    @B2bCyber

    29 Nov 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️Vulnerabilidades en productos Fortinet ❗CVE-2025-58692 ❗CVE-2025-47761 ❗CVE-2025-46373 ➡️Más info: https://t.co/udVw71WvfO https://t.co/EwPgEvC4jz

    @CERTpy

    26 Nov 2025

    110 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-47761 Local Privilege Escalation in Fortinet FortiClient Windows via Exposed IOCTL https://t.co/Sf8oTPwQRT

    @VulmonFeeds

    18 Nov 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.CVE-2025-62676
  2. An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user passwordCVE-2025-54660
  3. A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protectionsCVE-2025-46373
  4. An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder.CVE-2025-57716
  5. An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.CVE-2025-57741

References

Sources include official advisories and independent security research.