CVE-2025-53950

Published: Oct 16, 2025Modified: Oct 16, 2025

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 1.5 / Impact: 4.0

Source: NVD

Description

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.

Affected (1)

Products: Fortinet: Fortidlp Agent

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Fortinet Fortidlp Agent	From 10.3.1 to 11.5.1

Running on/with	Platform Versions
Apple Macos	All versions
Microsoft Windows	All versions

Related CWEs

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-639

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.