Fortinet FortiClient Windows Exposed IOCTL Vulnerability Allowing Unauthorized Code Execution

Vulnerability

A vulnerability has been identified in Fortinet FortiClient for Windows, specifically in versions 7.4.0 through 7.4.3 and 7.2.0 through 7.2.9. It involves an exposed IOCTL with insufficient access control, which may allow an authenticated local user to execute unauthorized code via the fortips driver. Exploitation requires bypassing Windows memory protections, such as heap integrity and HSP, and also requires a valid, active IPsec VPN connection.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution with the privileges of the user running FortiClient.

Remediation

Users can upgrade to Fortinet FortiClient Windows version 7.4.4 or above to address this vulnerability. For those on FortiClient Windows 7.2, the recommended version is 7.2.10 or above.
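The following is an added example, not code from the advisory or from Fortinet: it triages a constructed FortiClient inventory against the two affected ranges and fixed versions stated above. It assumes version strings of the form major.minor.patch (any trailing build number is ignored) and flags only the branches this advisory lists.

```python
# Added example: flag FortiClient Windows installs that fall inside the
# affected ranges from the advisory (7.4.0-7.4.3, fixed in 7.4.4;
# 7.2.0-7.2.9, fixed in 7.2.10). Branches not listed are not flagged.

# branch -> (first affected version, first fixed version)
AFFECTED_RANGES = {
    (7, 4): ((7, 4, 0), (7, 4, 4)),
    (7, 2): ((7, 2, 0), (7, 2, 10)),
}


def parse_version(text):
    """Return (major, minor, patch) from 'M.m.p' or 'M.m.p.build'."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])


def is_affected(version):
    """True if the version lies in an affected range from the advisory."""
    v = parse_version(version)
    rng = AFFECTED_RANGES.get(v[:2])
    if rng is None:
        return False
    first_affected, first_fixed = rng
    return first_affected <= v < first_fixed


def recommended_fix(version):
    """Minimum fixed version for an affected install, else None."""
    v = parse_version(version)
    if not is_affected(version):
        return None
    return ".".join(str(n) for n in AFFECTED_RANGES[v[:2]][1])


def triage(inventory):
    """Map host -> fix version for every affected entry in inventory."""
    return {host: recommended_fix(ver)
            for host, ver in inventory.items() if is_affected(ver)}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-01": "7.4.3.1736",   # affected, upgrade to 7.4.4
    "ws-02": "7.4.4",        # fixed
    "ws-03": "7.2.9",        # affected, upgrade to 7.2.10
    "ws-04": "7.2.10",       # fixed
    "ws-05": "7.0.12",       # branch not listed in the advisory
}

if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {fix} or later")
```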

Added: Nov 18, 2025, 5:33 PM
Updated: Nov 18, 2025, 5:33 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 10.0
exploitability: 2.3
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.