CVE-2025-57741

An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking...

CVE-2025-46774

An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables...

EUVD-2025-16290

Malicious code in bioql PyPI...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2025-25251

Fortinet FortiClient MAC is affected by CVE-2025-25251 (Incorrect Authorization, CWE-863) across multiple release lines (7.0.0–7.0.14, 7.2.0–7.2.8, 7.4.0–7.4.2). The vulnerability enables local privilege escalation via crafted XPC messages. Remediation per PT-2025-23068 advises updating FortiClie...

CVE-2025-25251

An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...

CVE-2019-15704

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway...

PT-2025-23068 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: FortiClient Mac versions 7.0.0 through 7.0.14 FortiClient Mac versions 7.2.0 through 7.2.8 FortiClient Mac versions 7.4.0 through 7.4.2 Description: The issue is related to an Incorrect Authorization vulnerability that may allow a local...

The vulnerability of the command-line interface (CLI) of the FortiClient for MAC security tool allows a perpetrator to gain unauthorized access to the system.

The vulnerability of the command-line interface CLI of the FortiClient for MAC security tool is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the system...

PT-2024-9819 · Fortinet · Forticlientwindows +4

Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 6.4 through 7.0.7 FortiClientMac versions 6.4 through 7.2.4 FortiClientLinux versions 6.4 through 7.2.4 FortiClientAndroid versions 6.4 through 7.2.0 FortiClientiOS versions 5.6 through 7.0.6 Description: The issue...

PT-2024-9823 · Fortinet · Forticlientmac +3

Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.2 FortiClientLinux versions 7.0.0 through 7.0.11, 7.2.0 FortiClientMac versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 Description: The issue is related to an improper...

The vulnerability of the FortiClient for MAC protection mechanism lies in improper external management of file names or paths, allowing attackers to execute arbitrary code.

The vulnerability of the FortiClient for MAC protection tool is related to incorrect external manipulation of the file name or file path. Exploiting this vulnerability allows an attacker to execute arbitrary code by writing the malicious file to the /tmp directory...

Fortinet FortiClient 安全漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. A security vulnerability exists in FortiClient Mac that stems from allowing a local attacker to modify the installer to elevate...

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...

PT-2022-21879 · Fortinet · Forticlient +1

Name of the Vulnerable Software and Affected Versions: FortiClient for Mac versions 7.0.0 through 7.0.5 Description: The issue allows a local authenticated attacker to obtain the SSL-VPN password in cleartext by running a logstream for the FortiTray process in the terminal, potentially exposing...

Fortinet FortiClient 信息泄露漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. An information disclosure vulnerability exists in Fortinet FortiClient Mac. An attacker exploiting this vulnerability could bypass...