Code Injection Vulnerability in FortiClient for Mac by Fortinet
CVE-2025-31365

5.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Forticlientmac
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-31365?

An improper control of code generation (code injection) vulnerability in FortiClient for Mac versions 7.4.0 to 7.4.3 and 7.2.1 to 7.2.8 could allow unauthenticated attackers to execute arbitrary code on users’ machines. This threat is initiated when users are tricked into visiting a malicious website, making it crucial for users and organizations to ensure their installations are up to date with security patches.

Affected Version(s)

FortiClientMac 7.4.0 <= 7.4.3

FortiClientMac 7.2.1 <= 7.2.8

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-037

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Mar 28, 2025

JSON