CVE-2025-46774
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-22
Assigner: Fortinet, Inc.
Description
Description
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | forticlient | From 7.4.0 (inc) to 7.4.3 (inc) |
| fortinet | forticlient | From 7.4.0 (inc) to 7.4.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Verification of Cryptographic Signature (CWE-347) in FortiClient MacOS installer versions 7.4.2 and below, 7.2.9 and below, and all 7.0 versions. It may allow a local user to escalate their privileges by exploiting FortiClient related executables.
How can this vulnerability impact me? :
The vulnerability can allow a local user to escalate their privileges, potentially gaining higher access rights than intended. This could lead to unauthorized actions or control over the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70