CNNVD-202510-1962 Information

CNNVD ID

CNNVD-202510-1962

CVE-2025-57716

  • CNNVD Published: 2025-10-14

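Description (translated from Chinese)

Fortinet FortiClientWindows is a mobile endpoint security solution for the Windows platform from Fortinet, a US company. When connected to a FortiGate firewall appliance, it provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication. Fortinet FortiClientWindows versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.11, and all 7.0 versions contain a code issue vulnerability. The vulnerability stems from an uncontrolled search path element and may allow a local low-privileged user to carry out a DLL hijacking attack by placing a malicious DLL.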

Description (English)

Fortinet FortiClientWindows is a mobile terminal security solution from Fortinet for the Windows platform. When connected to FortiGate firewall equipment, it provides IPsec and SSL encryption, wide area network optimization, terminal compliance and dual-factor authentication. A code issue exists in Fortinet FortiClientWindows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11 and all 7.0 versions; it stems from an uncontrolled search path element and may let a local low-privileged user perform a DLL hijacking attack by placing a malicious DLL.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Fortinet

Published

2025-10-14

Last Modified

2026-02-24

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-685
https://access.redhat.com/security/cve/cve-2025-57716
https://vigilance.fr/vulnerability/FortiClientWindows-executing-DLL-code-via-Online-Installer-48461

Patch

https://fortiguard.fortinet.com/psirt/FG-IR-25-685
