CVE-2025-57716

Published: Oct 14, 2025Modified: Oct 15, 2025

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder.

Affected (2)

Products: Fortinet: Forticlient

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Forticlient	From 7.0.0 to 7.2.12
Fortinet Forticlient	From 7.4.0 to 7.4.4

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-685

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.