CVE-2024-35281

CVE Database · CVE-2024-35281

CVE-2024-35281

· LOWAnalyzed

CVSS v3.1

2.5

EPSS

0.12%

Published

May 13, 2025

Modified

Feb 5, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-653

Affected Products (3)

fortinet · forticlient (up to 7.2.9)vulnerable

fortinet · forticlient (up to 7.4.3)vulnerable

fortinet · fortifone_softclientvulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-025

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs