Arbitrary memory write via FortIPS driver Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-25-112 Final 1 1 2025-11-18T00:00:00 Current version 2025-11-18T00:00:00 2025-11-18T00:00:00 An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in FortiClient Windows may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection. None Execute unauthorized code or commands None Fortinet is pleased to thank Alex of HackerHood Research Group for reporting this vulnerability under responsible disclosure. FortiClientWindows 7.4.3 FortiClientWindows 7.4.2 FortiClientWindows 7.4.1 FortiClientWindows 7.4.0 FortiClientWindows 7.2.9 FortiClientWindows 7.2.8 FortiClientWindows 7.2.7 FortiClientWindows 7.2.6 FortiClientWindows 7.2.5 FortiClientWindows 7.2.4 FortiClientWindows 7.2.3 FortiClientWindows 7.2.2 FortiClientWindows 7.2.1 FortiClientWindows 7.2.0 CVE-2025-47761 FortiClientWindows-7.4.3 FortiClientWindows-7.4.2 FortiClientWindows-7.4.1 FortiClientWindows-7.4.0 FortiClientWindows-7.2.9 FortiClientWindows-7.2.8 FortiClientWindows-7.2.7 FortiClientWindows-7.2.6 FortiClientWindows-7.2.5 FortiClientWindows-7.2.4 FortiClientWindows-7.2.3 FortiClientWindows-7.2.2 FortiClientWindows-7.2.1 FortiClientWindows-7.2.0 7.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-25-112 Arbitrary memory write via FortIPS driver Reference>