CVE-2025-57716: 
FortiClient vulnerability analysis and mitigation

An Uncontrolled Search Path Element vulnerability (CVE-2025-57716) was discovered in FortiClient Windows versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, and all versions of 7.0. The vulnerability was disclosed on October 14, 2025, affecting the FortiClient Online Installer installation folder (NVD, FortiGuard Labs).

The vulnerability is classified as an Uncontrolled Search Path Element issue (CWE-427). It received a CVSS v3.1 base score of 7.3 (HIGH) from NVD with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, while Fortinet assigned it a score of 6.7 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows a local low-privileged user to perform a DLL hijacking attack by placing a malicious DLL in the FortiClient Online Installer installation folder, potentially leading to unauthorized code execution with elevated privileges (FortiGuard PSIRT).

Fortinet has released patches addressing this vulnerability. Users should upgrade FortiClient Windows 7.4.x to version 7.4.4 or above, version 7.2.x to 7.2.12 or above, and migrate from all 7.0 versions to a fixed release. As a workaround, ensure that all executables are downloaded directly from Fortinet and run the installation of FortiClient from a folder non-writeable by regular users (FortiGuard PSIRT).

The vulnerability was responsibly disclosed by security researcher Axel Flamcourt, demonstrating ongoing collaboration between security researchers and Fortinet in addressing security issues (FortiGuard PSIRT).