CVE-2025-25251

Incorrect Authorization in FortiClient Mac Allows Privilege Escalation

Publication date: 2025-05-28

Last updated on: 2025-06-04

Description

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Affected Vendors & Products

Vendor	Product	Version
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	From 6.4.0 (inc) to 7.2.9 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-863	Incorrect Authorization

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

How can this vulnerability impact me? :

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

Meta Information

CVE Publication Date:

2025-05-28

CVE Last Modified Date:

2025-06-04

Report Generation Date:

2025-09-04

AI Powered Q&A Generation:

2025-05-28

EPSS Last Evaluated Date:

2025-08-20

NVD Report Link:

CVE-2025-25251