CVE-2025-54658

📊 7.8 HIGH⚡ 0.0%🎯 0 exploits

📅 Published Oct 16, 2025

📋 Status: Analyzed

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

2 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fortinet	fortidlp agent	≥ 10.3.1 ∧ ≤ 11.5.1	Vulnerable	cpe:2.3:a:fortinet:fortidlp_agent::::::::
💻OS	apple	macos	All versions	Not Vulnerable	cpe:2.3:o:apple:macos:-:::::::*

📱

fortinet / fortidlp agent

Application

Vulnerable

Version: ≥ 10.3.1 ∧ ≤ 11.5.1

CPE:

cpe:2.3:a:fortinet:fortidlp_agent:*:*:*:*:*:*:*:*

💻

apple / macos

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Metrics

7.8 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

7.8 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)3.6th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Oct 16, 2025 (16 days ago)

Last Modified

Oct 16, 2025 (15 days ago)

Security Weaknesses1

CWE-22

References2

NVDgeneral