Platform
fortinet
Component
fortidlp-agent-s-outlookproxy-plugin
Fixed in
11.5.2
11.4.7
11.3.5
11.2.4
11.2.1
11.1.3
11.0.2
10.5.2
10.4.1
10.3.2
CVE-2025-54658 is a path traversal vulnerability in the Outlookproxy plugin of the FortiDLP Agent for macOS. It allows an authenticated local attacker to escalate privileges to root on the affected host. Affected versions are FortiDLP Agent 10.3.1 through 11.5.1; fixes are available in 11.5.2 and in the per-branch releases listed under "Fixed in" above.
Successful exploitation of CVE-2025-54658 gives the attacker root on the host running the FortiDLP Agent. From root, an attacker can execute arbitrary commands, read any data on the machine, and take complete control of it, including the security agent itself, and can then use the host as a foothold for reaching other systems on the network. The attack vector is a crafted request sent to a port on which the plugin listens locally, so this is a local privilege escalation (the attacker already needs code execution or a shell on the host), not remote code execution.
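The advisory does not publish the plugin's request format or file handling, so the following is an added, generic illustration of the bug class rather than the plugin's code: a local service resolving a client-supplied path under a fixed directory, first the vulnerable pattern and then a hardened resolver. The base directory and sample requests are constructed for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed base directory for the illustration; the plugin's real on-disk
# layout and request format are not published in the advisory.
BASE_DIR = "/var/app/plugin-data"


def resolve_unsafe(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: join the client-supplied path onto the base
    directory with no containment check. '../' sequences walk out of it."""
    return posixpath.normpath(posixpath.join(base_dir, unquote(requested)))


def resolve_safe(base_dir: str, requested: str) -> Optional[str]:
    """Hardened pattern: decode first, normalise, then prove the result is
    still inside base_dir. Returns None when the request must be rejected."""
    base = posixpath.normpath(base_dir)
    # Percent-decode before checking, otherwise '%2e%2e/' slips past a
    # check that only looks for a literal '../'.
    decoded = unquote(requested)
    # Absolute paths and embedded NUL bytes are never legitimate here.
    if decoded.startswith("/") or "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    # Compare against base + "/" so that a sibling directory whose name
    # merely starts with the base name (e.g. plugin-data2) is not accepted.
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("reports/today.txt", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "../plugin-data2/x"):
        print(f"{req!r:40} unsafe={resolve_unsafe(BASE_DIR, req)!r:32} "
              f"safe={resolve_safe(BASE_DIR, req)!r}")
```

The check here is purely lexical. On a real filesystem, also pass the candidate through `os.path.realpath` and repeat the containment test, because an attacker who can create a symlink inside the base directory can otherwise point a lexically valid path anywhere. The hardened resolver is what a root-running local listener needs; the unsafe variant is the pattern that turns a request to a local port into a write or read at an attacker-chosen location.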
CVE-2025-54658 was publicly disclosed on 2025-10-16. It is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, and no public proof-of-concept exploit is available. Path traversal bugs are usually straightforward to exploit once the vulnerable request format is known, and the outcome here is root, so treat this as a high-priority fix despite the low EPSS score.
Exploit Status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-54658 is to upgrade the FortiDLP Agent to 11.5.2 or later, or to the fixed release for the branch in use (see "Fixed in" above). Fortinet provides no direct workaround. Because the flaw is triggered through a locally listening port, network segmentation does not prevent exploitation; it only limits what an attacker with root on the host can reach afterwards. Restricting which local users can reach the Outlookproxy plugin's listening port, where feasible, reduces the attack surface. Keep agent configurations and host access controls aligned with least privilege, since the attacker needs an existing local foothold before this bug matters. After upgrading, confirm the fix by checking that the installed agent version is at or above the fixed release for its branch; with no public PoC, attempting to trigger the flaw is not a reliable verification.
Update FortiDLP Agent to a version later than 11.5.1. See the Fortinet advisory (FG-IR-25-628) for details and specific upgrade instructions.
CVE-2025-54658 is a path traversal vulnerability in the FortiDLP Agent's Outlookproxy plugin for macOS, allowing local privilege escalation to root. It affects versions 10.3.1–11.5.1.
You are affected if you are running FortiDLP Agent for macOS versions 10.3.1 through 11.5.1 and have not applied the fixed release for your branch. Check your installed version and upgrade if necessary.
Upgrade to FortiDLP Agent 11.5.2 or later, or to the fixed release listed above for your branch, to remediate the vulnerability. Network segmentation limits post-exploitation impact but does not block this local attack.
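To make the version check above (and the affected range stated earlier on this page) mechanical, here is an added Python helper, not part of the page or of any Fortinet tooling. It encodes the affected range 10.3.1–11.5.1 and the "Fixed in" list from this page. Two assumptions are labelled in the code: the installed version string is supplied by the caller, because the page does not document how to read it from the agent, and where the page lists two fixed releases for one branch (11.2.x), the lower one is taken as the threshold.

```python
import re
import sys
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected range and per-branch fixed releases exactly as stated on this page.
AFFECTED_MIN: Version = (10, 3, 1)
AFFECTED_MAX: Version = (11, 5, 1)
FIXED_IN = ["11.5.2", "11.4.7", "11.3.5", "11.2.4", "11.2.1",
            "11.1.3", "11.0.2", "10.5.2", "10.4.1", "10.3.2"]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def branch_fix(version: Version) -> Optional[Version]:
    """Fixed release for the same major.minor branch, if the page lists one.
    Assumption: when a branch has more than one listed fix (11.2.x), the
    lowest listed release is treated as the threshold."""
    fixes = [parse_version(f) for f in FIXED_IN]
    same_branch = [f for f in fixes if f[:2] == version[:2]]
    return min(same_branch) if same_branch else None


def is_affected(version_text: str) -> bool:
    """True if the installed version is inside the affected range and
    below its branch's fixed release."""
    v = parse_version(version_text)
    if not (AFFECTED_MIN <= v <= AFFECTED_MAX):
        return False
    fix = branch_fix(v)
    return fix is None or v < fix


def report(version_text: str) -> str:
    """Human-readable verdict with the upgrade target for the branch."""
    v = parse_version(version_text)
    fix = branch_fix(v)
    target = ".".join(map(str, fix)) if fix else ".".join(map(str, parse_version(FIXED_IN[0])))
    if is_affected(version_text):
        return f"{version_text}: AFFECTED by CVE-2025-54658, upgrade to {target} or later"
    return f"{version_text}: not affected (fixed release for this branch: {target})"


if __name__ == "__main__":
    # Assumption: the installed FortiDLP Agent version is passed on the
    # command line; the page does not document a command that prints it.
    for arg in sys.argv[1:] or ["11.4.6", "11.4.7", "11.5.1", "11.5.2"]:
        print(report(arg))
```

Run it with the agent version taken from your inventory or endpoint-management console, e.g. `python3 check.py 11.4.6`. A version outside 10.3.1–11.5.1 is reported as not affected; a version inside the range is affected only while it is below the fixed release of its own branch.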
While no active exploitation has been confirmed, the vulnerability's nature suggests it could be easily exploited once a proof-of-concept is released.
Refer to the official Fortinet security advisory for CVE-2025-54658 (FG-IR-25-628) on the Fortinet support website.