CVE-2025-46774

Published: Oct 14, 2025Modified: Oct 22, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.

Affected (2)

Products: Fortinet: Forticlient

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 7.0.0 to 7.2.10
Fortinet Forticlient	From 7.4.0 to 7.4.4

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-126

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.