Privacy Violation Vulnerability in Fortinet FortiDLP Agent for macOS and Windows
CVE-2025-53950

5.1MEDIUM

Key Information:

Vendor

Fortinet
Status
Fortidlp
Vendor
CVE Published:
16 October 2025

What is CVE-2025-53950?

A vulnerability in the Fortinet FortiDLP Agent's Outlookproxy plugin can allow authenticated administrators to access sensitive email information of current users. This issue affects multiple versions across both MacOS and Windows platforms, potentially exposing private user data and raising concerns around user privacy and data protection.

Affected Version(s)

FortiDLP 11.5.1

FortiDLP 11.4.2 <= 11.4.6

FortiDLP 11.3.2 <= 11.3.4

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-639

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-53950 : Privacy Violation Vulnerability in Fortinet FortiDLP Agent for macOS and Windows