CVE-2024-54019: 
FortiClient vulnerability analysis and mitigation

A certificate validation vulnerability (CVE-2024-54019) was discovered in Fortinet FortiClientWindows that affects version 7.4.0, versions 7.2.0 through 7.2.6, and all versions of 7.0. The vulnerability, disclosed on June 10, 2025, involves improper validation of certificate with host mismatch, which could potentially allow unauthorized attackers to redirect VPN connections (Fortinet PSIRT, NVD).

The vulnerability is classified as CWE-297 (Improper Validation of Certificate with Host Mismatch) with a CVSS v3.1 base score of 4.8 (Medium). The technical assessment indicates that the vulnerability allows attackers to perform DNS spoofing or other forms of redirection attacks against VPN connections. The attack vector is network-based (AV:N) with high attack complexity (AC:H), requiring no privileges (PR:N) or user interaction (UI:N), and the scope is unchanged (S:U) with low confidentiality (C:L) and integrity (I:L) impacts (NVD).

The vulnerability's exploitation could lead to the redirection of VPN connections through DNS spoofing or other redirection techniques. This could potentially allow attackers to intercept or manipulate VPN traffic, compromising the security and privacy of affected FortiClient Windows users (Fortinet PSIRT).

Fortinet has released patches to address this vulnerability. Users of FortiClientWindows 7.4.0 should upgrade to version 7.4.1 or above, while users of versions 7.2.0 through 7.2.6 should upgrade to version 7.2.7 or above. Users of FortiClientWindows 7.0 are advised to migrate to a fixed release (Fortinet PSIRT).