CVE-2025-25251: 
FortiClient vulnerability analysis and mitigation

An Incorrect Authorization vulnerability (CVE-2025-25251) was discovered in FortiClient Mac, affecting versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, and all versions of 7.0. The vulnerability was disclosed on May 13, 2025, and allows a local attacker to escalate privileges through crafted XPC messages. This security issue was reported by Yaniv Nizry from Sonar under responsible disclosure (Fortinet PSIRT, NVD).

The vulnerability is classified as an Incorrect Authorization issue [CWE-863] that affects the CLI component of FortiClient Mac. It has been assigned a High severity rating with a CVSSv3.1 base score of 7.8, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The attack requires local access and can potentially lead to complete system compromise in terms of confidentiality, integrity, and availability (NVD).

The vulnerability enables local privilege escalation, allowing attackers to gain elevated system privileges through crafted XPC messages. This could potentially lead to complete system compromise, affecting the confidentiality, integrity, and availability of the system (Fortinet PSIRT).

Fortinet has released patches to address this vulnerability. Users of FortiClient Mac 7.4.0-7.4.2 should upgrade to version 7.4.3 or above, while users of version 7.2.0-7.2.8 should upgrade to version 7.2.9 or above. Users of FortiClient Mac 7.0 are advised to migrate to a fixed release (Fortinet PSIRT).