Privacy Violation Vulnerability in Fortinet FortiDLP Agent for macOS and Windows
CVE-2025-53950

5.1MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortidlp
Vendor: CVE Published:; 16 October 2025

What is CVE-2025-53950?

A vulnerability in the Fortinet FortiDLP Agent's Outlookproxy plugin can allow authenticated administrators to access sensitive email information of current users. This issue affects multiple versions across both MacOS and Windows platforms, potentially exposing private user data and raising concerns around user privacy and data protection.

Affected Version(s)

FortiDLP 11.5.1

FortiDLP 11.4.2 <= 11.4.6

FortiDLP 11.3.2 <= 11.3.4

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-639

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Jul 15, 2025

JSON