Index of FCT installation directory publicly accessible Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-24-548 Final 1 1 2025-05-13T00:00:00 Current version 2025-05-13T00:00:00 2025-05-13T00:00:00 An Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability [CWE-497] in FortiClientWindows may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) None Information disclosure None https://fortiguard.fortinet.com/psirt/FG-IR-24-548 Index of FCT installation directory publicly accessible By default Windows will deny incoming requests on port 8053, normally making the information inaccessible to a remote user. However, EDR solutions will nonetheless typically issue an alert. By default Windows will deny incoming requests on port 8053, normally making the information inaccessible to a remote user. However, EDR solutions will nonetheless typically issue an alert. Fortinet is pleased to thank Víctor A. Morales from GM Sectec, Inc. for reporting this vulnerability under responsible disclosure. FortiClientWindows 7.2.1 FortiClientWindows 7.2.0 FortiClientWindows 7.0.14 FortiClientWindows 7.0.13 CVE-2025-24473 FortiClientWindows-7.2.1 FortiClientWindows-7.2.0 FortiClientWindows-7.0.14 FortiClientWindows-7.0.13 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-24-548 Index of FCT installation directory publicly accessible Reference> By default Windows will deny incoming requests on port 8053, normally making the information inaccessible to a remote user. However, EDR solutions will nonetheless typically issue an alert. By default Windows will deny incoming requests on port 8053, normally making the information inaccessible to a remote user. However, EDR solutions will nonetheless typically issue an alert.