CVE-2025-53950
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-10-16
Assigner: Fortinet, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortidlp_agent | From 10.3.1 (inc) to 11.5.1 (inc) |
| apple | macos | * |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Exposure of Private Personal Information (Privacy Violation) in the Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows versions specified. It may allow an authenticated administrator to collect the current user's email information without proper authorization.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an authenticated administrator to access and collect private email information of the current user, potentially leading to unauthorized disclosure of sensitive personal or business communications.