Vulnerability Details CVE-2025-31365
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3 and 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host by tricking the user into visiting a malicious website.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.1%
CVSS Severity
CVSS v3 Score 5.8
Products affected by CVE-2025-31365
- cpe:2.3:a:fortinet:forticlient:7.2.1
- cpe:2.3:a:fortinet:forticlient:7.2.3
- cpe:2.3:a:fortinet:forticlient:7.2.4
- cpe:2.3:a:fortinet:forticlient:7.2.5
- cpe:2.3:a:fortinet:forticlient:7.2.8
- cpe:2.3:a:fortinet:forticlient:7.4.0
- cpe:2.3:a:fortinet:forticlient:7.4.1
- cpe:2.3:a:fortinet:forticlient:7.4.2
- cpe:2.3:a:fortinet:forticlient:7.4.3