CVE-2024-54019: 
FortiClient vulnerability analysis and mitigation

A certificate validation vulnerability (CVE-2024-54019) was discovered in Fortinet FortiClientWindows affecting version 7.4.0, versions 7.2.0 through 7.2.6, and all versions of 7.0. The vulnerability involves improper validation of certificate with host mismatch, which was disclosed on June 10, 2025. This security flaw is classified as CWE-297 (Improper Validation of Certificate with Host Mismatch) (Wiz, NVD).

The vulnerability is characterized by a network-based attack vector (AV:N) with high attack complexity (AC:H), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U) with low confidentiality (C:L) and integrity (I:L) impacts. The CVSS v3.1 base score is 4.8 (Medium) (NVD, Fortinet PSIRT).

The exploitation of this vulnerability could lead to the redirection of VPN connections through DNS spoofing or other redirection techniques. This could potentially allow attackers to intercept or manipulate VPN traffic, compromising the security and privacy of affected FortiClient Windows users (Fortinet PSIRT, Wiz).

Fortinet has released patches to address this vulnerability. Users of FortiClientWindows 7.4.0 should upgrade to version 7.4.1 or above, while users of versions 7.2.0 through 7.2.6 should upgrade to version 7.2.7 or above. Users of FortiClientWindows 7.0 are advised to migrate to a fixed release (Fortinet PSIRT).