FortiClientLinux contains a flaw where the application follows symbolic links without proper checks. An authenticated, unprivileged local user can exploit this behaviour to gain root privileges. The weakness is classified as CWE-61, reflecting incorrect handling of path traversal through symlinks.

Fortinet FortiClientLinux on Linux operating systems is affected. The vulnerability exists in versions 7.4.0 through 7.4.4 and in 7.2.2 through 7.2.12. Users running any of these releases should verify the current installed version against the list above.

CVSS score is 7.4 indicating high severity. The EPSS indicates low exploitation probability (< 1%). The vulnerability is local, requiring the attacker to have a user account on the same host. No public exploit is reported and it is not listed in the CISA Known Exploit Catalog. However, because privilege escalation to root can enable arbitrary system changes, the risk remains significant for any machine with exposed local users. The official recommendation is to apply a patch that removes the insecure symlink handling.