How severe is CVE-2025-46373?

CVE-2025-46373 has a CVSS v3 score of 7.8 (HIGH).

CVE-2025-46373

Name: forticlient
Author: fortinet

7.8HIGH

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec use

Published: 11/18/2025Updated: 12/16/2025

Description

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections

AI AnalysisPowered by AI

Affected Products

fortinetforticlient

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-125
Vendor Advisory