CVE-2025-24473 is a medium-severity information disclosure vulnerability affecting Fortinet's FortiClientWindows versions 7.2.0 through 7.2.1. The vulnerability arises due to the exposure of sensitive system information to unauthorized remote attackers when Windows is configured to accept incoming connections on port 8053, which is a non-default setup. An attacker can exploit this vulnerability by navigating to a hosted webpage served by the FortiClientWindows application on the affected port. This allows the attacker to view application information that should otherwise be restricted. The vulnerability does not require any authentication or user interaction, but the attack vector requires network access to the specific port 8053, which is not enabled by default, thus reducing the attack surface. The CVSS v3.1 base score is 4.8, indicating a medium severity level, with the vector string AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C. This means the attack is network-based (AV:N), requires high attack complexity (AC:H), no privileges or user interaction are needed, and the impact is limited to confidentiality (C:L) with no impact on integrity or availability. The exploitability is partially functional (E:P), and the vulnerability has an official fix released (RL:O) with confirmed reports (RC:C). No known exploits are currently observed in the wild. The vulnerability is relevant primarily in environments where FortiClientWindows is deployed and Windows systems are configured to accept connections on port 8053, which is uncommon but possible in specialized or misconfigured setups.

For European organizations, the impact of CVE-2025-24473 is primarily an information disclosure risk that could lead to leakage of sensitive application data. While the vulnerability does not allow direct system compromise, integrity, or availability impact, the exposure of application information could aid attackers in reconnaissance and facilitate subsequent targeted attacks. Organizations using FortiClientWindows 7.2.0 or 7.2.1 in environments where port 8053 is open to external or internal networks are at risk. This could include enterprises with customized network configurations or those using FortiClient as part of their endpoint security solutions. The risk is heightened in sectors with strict data protection requirements such as finance, healthcare, and critical infrastructure, where even limited information disclosure can have regulatory and operational consequences. However, since the vulnerability requires a non-default port configuration, the overall exposure is limited, reducing the likelihood of widespread exploitation. European organizations should consider the potential for lateral movement or escalation by attackers leveraging disclosed information in multi-stage attacks.

To mitigate CVE-2025-24473, European organizations should first verify if any Windows systems running FortiClientWindows versions 7.2.0 or 7.2.1 have port 8053 open and accepting incoming connections. Network administrators should restrict or close port 8053 unless explicitly required for business purposes. If the port must remain open, implement network segmentation and firewall rules to limit access to trusted hosts only. Organizations should upgrade FortiClientWindows to the latest patched version once available from Fortinet, as no direct patch links are provided but the vendor has acknowledged the issue. Additionally, conduct regular network scans to detect unauthorized open ports and monitor network traffic for suspicious access attempts to port 8053. Endpoint detection and response (EDR) tools should be configured to alert on unusual FortiClientWindows activity. Finally, incorporate this vulnerability into vulnerability management programs and incident response plans to ensure timely detection and remediation.