Threat Advisory

Fortinet and Ivanti Vulnerabilities Could Lead to Complete System Compromise

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

Fortinet and Ivanti have released patches addressing multiple flaws that, if left unpatched, could enable attackers to execute arbitrary code, escalate privileges, bypass authentication, deauthenticate administrators, or exfiltrate sensitive information across a wide range of appliance and endpoint products. Notable issues include flaws affecting DLP and services that rely on Apache Tika, privilege-escalation bugs in endpoint and OS components, authentication bypass and brute-force weaknesses in management and PAM systems, and several vulnerabilities in mobile device management solutions that permit remote code execution, device unenrollment and MFA bypass. Organizations using affected products should prioritize applying the vendor fixes and mitigations to reduce exposure and monitor for anomalous activity indicative of exploitation.

  • CVE-2025-53951: A path-traversal vulnerability in the Outlookproxy plugin of FortiDLP Agent for Windows that allows an authenticated user to send a specially crafted request to a local listening port and access files outside the intended directories. Successful exploitation can lead to privilege escalation from a low-privilege user to LocalService on affected installations. The vulnerability has a CVSS score of 7.2.
  • CVE-2025-54658: A path-traversal vulnerability in the Outlookproxy plugin of FortiDLP Agent for macOS that allows an authenticated user to send crafted requests to a local listening port and access files outside the intended directories. Exploitation can enable privilege escalation to root on affected systems. The vulnerability has a CVSS score of 7.8.
  • CVE-2024-33507: An authentication and session-handling vulnerability in FortiIsolator's web interface that allows an unauthenticated attacker to deauthenticate administrators or escalate a remote read-only user to write privileges. The flaw affects multiple FortiIsolator releases, so exposed management interfaces should be treated as at risk. The vulnerability has a CVSS score of 7.0.
  • CVE-2025-57741: An incorrect permission assignment in FortiClientMac's LaunchDaemon that allows a local attacker to hijack the daemon and run arbitrary commands. An attacker must have local access to the macOS host. If exploited, the flaw can be leveraged to escalate privileges beyond the initial user context. The vulnerability has a CVSS score of 7.0.
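The two FortiDLP entries above describe the same bug class: a local service that serves files relative to a base directory and trusts the client-supplied path. The following is an added illustration written for this advisory, not Fortinet's code; the Outlookproxy request format is not known from the advisory, so the handler, the sandbox directory and its files are constructed stand-ins. It contrasts the naive join that lets `..` segments, absolute paths and symlinks escape the base directory with a containment check that resolves the path first and rejects anything outside the base.

```python
"""Constructed illustration of the path-traversal bug class in the advisory:
a local service resolving client-supplied file paths under a base directory."""
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_naive(base: Path, requested: str) -> Path:
    """Vulnerable pattern: join the client-supplied path onto the base directory
    without checking where the result lands ('..' and absolute paths escape)."""
    return base / requested


def resolve_contained(base: Path, requested: str) -> Optional[Path]:
    """Hardened pattern: refuse absolute paths, resolve symlinks and '..' segments,
    then require the result to remain inside the (also resolved) base directory."""
    root = base.resolve()
    if os.path.isabs(requested):
        return None
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)  # raises ValueError if candidate left root
    except ValueError:
        return None
    return candidate


def demo() -> dict:
    """Build a constructed sandbox: base/allowed.txt is legitimate, ../secret.txt
    lies outside the base, and base/link is a symlink pointing at that secret."""
    tmp = Path(tempfile.mkdtemp())
    base = tmp / "base"
    base.mkdir()
    (base / "allowed.txt").write_text("ok")
    (tmp / "secret.txt").write_text("constructed sensitive data")
    (base / "link").symlink_to(tmp / "secret.txt")
    root_prefix = str(base.resolve()) + os.sep
    results = {}
    for req in ("allowed.txt", "../secret.txt", "link", "/etc/hosts"):
        naive = resolve_naive(base, req).resolve()
        results[req] = {
            "naive_escapes": not str(naive).startswith(root_prefix),
            "hardened": resolve_contained(base, req),
        }
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r}: naive escapes base={outcome['naive_escapes']}, "
              f"hardened result={outcome['hardened']}")
```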


RECOMMENDATION:

  • We strongly recommend updating FortiDLP Agent as described in the Fortinet PSIRT advisory at the link below:

https://www.fortiguard.com/psirt/FG-IR-25-628


REFERENCES:

The following reports contain further technical details:
