CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

On 21 March 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands.

Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available. While threat actors have not previously targeted FortiClientEMS, several other Fortinet products have been historically targeted such as FortiOS through CVE-2024-21762 and CVE-2024-23113 back in February 2024.

Recommendation for CVE-2023-48788

Upgrade Fortinet FortiClientEMS to Fixed Version

Arctic Wolf strongly recommends upgrading Fortinet FortiClientEMS to the latest version.

Product	Affected Version	Fixed Version
FortiClientEMS	7.2.0 to 7.2.2	7.2.3 or above
FortiClientEMS	7.0.1 to 7.0.10	7.0.11 or above

Please follow your organisation’s patching and testing guidelines to avoid operational impact.

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Security Bulletins

Microsoft Releases Emergency Patch for Exploited Critical Remote Code Execution Vulnerability (CVE-2025-59287)

F5 BIG-IP Source Code Containing Undisclosed Vulnerabilities Stolen by Nation-State Threat Actor

Microsoft Patch Tuesday October 2025

Company

Careers

Press

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Recommendation for CVE-2023-48788

Upgrade Fortinet FortiClientEMS to Fixed Version

References

Popular Topics

Share this post:

What to read next

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Privacy Notice

Terms of Use

Cookie Policy

Customer Portal Policy

Accessibility Statement

Sustainability Statement

Information Security

Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Security Bulletins

Microsoft Releases Emergency Patch for Exploited Critical Remote Code Execution Vulnerability (CVE-2025-59287)

F5 BIG-IP Source Code Containing Undisclosed Vulnerabilities Stolen by Nation-State Threat Actor

Microsoft Patch Tuesday October 2025

Company

Careers

Press

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Recommendation for CVE-2023-48788

Upgrade Fortinet FortiClientEMS to Fixed Version

References

Popular Topics

Share this post:

What to read next

11 min read

Microsoft Patch Tuesday October 2025

2 min read

CVE-2025-61884: Oracle Releases Emergency Patch for Information Disclosure Flaw

27 min read

SonicWall Concludes Investigation Into Incident Affecting MySonicWall Configuration Backup Files

4 min read

CVE-2025-61882: New Critical RCE Vulnerability Linked to Oracle E-Business Cl0p Extortion Emails

Earl Grey House 77 Grey St. 3rd Floor Newcastle upon TyneNE1 6EF UK

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK