Fortinet FortiClient (Windows), Information Disclosure, CVE-2025-24473 (Medium)

How the CVE Works

CVE-2025-24473 is an information disclosure vulnerability in Fortinet FortiClient for Windows (versions 7.2.0 through 7.2.1). It is only reachable when Windows is configured to accept incoming connections on port 8053, which is not the default setup. In that configuration, a remote attacker can exploit the flaw by hosting a malicious webpage: if a victim navigates to this page, sensitive application information is leaked because of improper access controls. The root cause is insufficient validation of incoming requests on that port, which allows unauthorized retrieval of system or session data.

DailyCVE Form

Platform: FortiClient (Windows)
Version: 7.2.0 – 7.2.1
Vulnerability: Information Disclosure
Severity: Medium
Date: 06/04/2025

Prediction: Patch by 07/15/2025

What Undercode Says:

Analytics:

  • Exploitability: Low (requires non-default port 8053)
  • Attack Vector: Remote (web-based)
  • Impact: Confidentiality loss

Exploit Command (PoC):

import requests

# Target host listening on the non-default port 8053 (placeholder address)
target = "http://victim_ip:8053"
# "/leak_endpoint" is a placeholder path from this write-up, not a confirmed route;
# a timeout is set so the request does not hang on a closed port
response = requests.get(target + "/leak_endpoint", timeout=5)
print(response.text)

Mitigation Steps:

1. Block inbound port 8053 with the Windows firewall if the listener is unused:

netsh advfirewall firewall add rule name="Block 8053" dir=in action=block protocol=TCP localport=8053

2. Apply Fortinet’s patch when released.

3. Restrict inbound web traffic via GPO:

Set-NetFirewallProfile -DefaultInboundAction Block

Detection (SIEM Query):

SELECT * FROM logs WHERE dest_port = 8053 AND src_ip NOT IN (trusted_ips)  -- trusted_ips: your allow-list of source addresses

Patch Verification:

Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like "FortiClient*"} | Select Version
# Note: enumerating Win32_Product is slow and triggers a consistency check of every installed MSI package; querying the Uninstall registry keys is a lighter alternative.

Workaround (Registry Fix):

reg add "HKLM\SOFTWARE\Fortinet\FortiClient" /v "DisablePort8053" /t REG_DWORD /d 1 /f

References:

  • Fortinet Advisory: TBD
  • CWE-200: Information Exposure

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
