CVE-2025-31365 is a code injection vulnerability classified under CWE-94, found in Fortinet's FortiClientMac versions 7.4.0 through 7.4.3 and 7.2.1 through 7.2.8. The flaw arises from improper control over code generation, enabling an attacker to inject and execute arbitrary code or commands on the victim's macOS host. Exploitation requires no authentication but depends on user interaction, specifically by convincing the user to visit a crafted malicious website. The vulnerability affects the confidentiality, integrity, and availability of the affected system, as arbitrary code execution could lead to data theft, system compromise, or denial of service. The CVSS 3.1 base score is 5.5, reflecting medium severity with network attack vector, high attack complexity, no privileges required, and user interaction needed. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. No public exploits are known yet, and no patches are currently linked, indicating that Fortinet may still be developing or releasing fixes. The vulnerability's presence in FortiClientMac is critical because FortiClient is widely used for endpoint security and VPN access, making it a valuable target for attackers aiming to bypass security controls or gain persistent access.

For European organizations, this vulnerability poses a significant risk, especially those relying on FortiClientMac for endpoint protection and secure remote access. Successful exploitation could lead to unauthorized code execution, potentially allowing attackers to steal sensitive data, disrupt operations, or establish persistent footholds within corporate networks. The requirement for user interaction limits automated mass exploitation but does not eliminate risk, as phishing and social engineering remain effective attack vectors. The medium CVSS score reflects moderate impact; however, in high-security environments such as government, finance, and critical infrastructure sectors, even medium vulnerabilities can have outsized consequences. The cross-scope impact means that compromise could extend beyond the local host, potentially affecting networked resources and services. The lack of known exploits currently provides a window for proactive mitigation before widespread attacks occur.

1. Monitor Fortinet advisories closely and apply security patches immediately once they are released for FortiClientMac versions 7.4.0 through 7.4.3 and 7.2.1 through 7.2.8. 2. Implement strict web filtering and URL reputation services to block access to known malicious websites and reduce the risk of users visiting crafted sites. 3. Conduct targeted user awareness training focused on phishing and social engineering tactics to reduce the likelihood of users interacting with malicious links. 4. Employ endpoint detection and response (EDR) solutions capable of detecting anomalous process execution and code injection attempts on macOS systems. 5. Restrict unnecessary network access and privilege escalation paths on endpoints to limit the impact of potential exploitation. 6. Use network segmentation to isolate critical systems and reduce lateral movement opportunities if a host is compromised. 7. Regularly audit FortiClientMac deployment versions across the organization to identify and remediate vulnerable instances promptly.