CVE-2025-53950 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-53950

Analyzed

More Info Official Page

Source-psirt@fortinet.com

Published At-16 Oct, 2025 | 14:15

Updated At-16 Oct, 2025 | 17:54

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Primary	3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CPE Matches

>>fortidlp_agent>>Versions from 10.3.1(inclusive) to 11.5.1(inclusive)

cpe:2.3:a:fortinet:fortidlp_agent:*:*:*:*:*:*:*:*

>>macos>>-

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-359	Primary	psirt@fortinet.com

CWE ID: CWE-359

Type: Primary

Source: psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-25-639	psirt@fortinet.com	Vendor Advisory

Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-25-639

Source: psirt@fortinet.com

Resource:

Vendor Advisory