CVE-2025-57741

An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking...

CVE-2025-46774

An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables...

EUVD-2025-16290

Malicious code in bioql PyPI...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

Fortinet FortiClient MAC is affected by CVE-2025-25251 (Incorrect Authorization, CWE-863) across multiple release lines (7.0.0–7.0.14, 7.2.0–7.2.8, 7.4.0–7.4.2). The vulnerability enables local privilege escalation via crafted XPC messages. Remediation per PT-2025-23068 advises updating FortiClie...

CVE-2019-15704

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway...

PT-2025-23068 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: FortiClient Mac versions 7.0.0 through 7.0.14 FortiClient Mac versions 7.2.0 through 7.2.8 FortiClient Mac versions 7.4.0 through 7.4.2 Description: The issue is related to an Incorrect Authorization vulnerability that may allow a local...

PT-2024-9819 · Fortinet · Forticlientwindows +4

Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 6.4 through 7.0.7 FortiClientMac versions 6.4 through 7.2.4 FortiClientLinux versions 6.4 through 7.2.4 FortiClientAndroid versions 6.4 through 7.2.0 FortiClientiOS versions 5.6 through 7.0.6 Description: The issue...

PT-2024-9823 · Fortinet · Forticlientmac +3

Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.2 FortiClientLinux versions 7.0.0 through 7.0.11, 7.2.0 FortiClientMac versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 Description: The issue is related to an improper...

Fortinet FortiClient 安全漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. A security vulnerability exists in FortiClient Mac that stems from allowing a local attacker to modify the installer to elevate...

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...

PT-2022-21879 · Fortinet · Forticlient +1

Name of the Vulnerable Software and Affected Versions: FortiClient for Mac versions 7.0.0 through 7.0.5 Description: The issue allows a local authenticated attacker to obtain the SSL-VPN password in cleartext by running a logstream for the FortiTray process in the terminal, potentially exposing...

Fortinet FortiClient 信息泄露漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. An information disclosure vulnerability exists in Fortinet FortiClient Mac. An attacker exploiting this vulnerability could bypass...

Fortinet FortiClient 信任管理问题漏洞

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A trust management issue vulnerability exists in Fortin...

CVE-2021-41028

A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...