CVE-2025-53950

Medium CVSS: 5.5

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.

Vendor

Fortinet

Product

Fortidlp Agent

CWE

CWE-359

Yayın Tarihi

2025-10-16 14:15:35

Güncelleme

2025-10-16 17:54:14

Source Identifier

psirt@fortinet.com

KEV Date Added

Kategoriler

CWE-359 Fortidlp Agent MEDIUM Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-25-639

Benzer Kayıtlar

Critical

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta…

Medium

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, Fort…

High

CVE-2026-25836

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet…

Medium

CVE-2026-25972

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiS…

Medium

CVE-2026-25689

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec…

Medium

CVE-2026-24640

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7…