CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

On March 21, 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands.

Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available. While threat actors have not previously targeted FortiClientEMS, several other Fortinet products have been historically targeted such as FortiOS through CVE-2024-21762 and CVE-2024-23113 back in February 2024.

Recommendation for CVE-2023-48788

Upgrade Fortinet FortiClientEMS to Fixed Version

Arctic Wolf strongly recommends upgrading Fortinet FortiClientEMS to the latest version.

Product	Affected Version	Fixed Version
FortiClientEMS	7.2.0 to 7.2.2	7.2.3 or above
FortiClientEMS	7.0.1 to 7.0.10	7.0.11 or above

Please follow your organization’s patching and testing guidelines to avoid operational impact.

References

See other important security bulletins from Arctic Wolf.

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Our annual recap of the most noteworthy, high-profile, and damaging cybercrimes of the year.

The 2024 Gartner® Market Guide for MDR Services provides a comprehensive overview of the evolving MDR landscape.

Security Bulletins

CVE-2025-2775: PoC Released for SysAid On-Premises Pre-Auth RCE Vulnerability

Follow-Up: Samsung MagicINFO 9 Remains Vulnerable to Ongoing Exploitation

CVE-2025-2775: PoC Released for SysAid On-Premises Pre-Auth RCE Vulnerability

Partners

Company

Careers

Press

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Recommendation for CVE-2023-48788

Upgrade Fortinet FortiClientEMS to Fixed Version

References

Popular Topics

Share this post:

What to read next

2 min read

Follow-Up: Samsung MagicINFO 9 Remains Vulnerable to Ongoing Exploitation

3 min read

CVE-2025-2775: PoC Released for SysAid On-Premises Pre-Auth RCE Vulnerability

6 min read

Follow-Up: SonicWall Updates Advisories for Actively Exploited Vulnerabilities

3 min read

CVE-2025-31324: Maximum-Severity File Upload Vulnerability in SAP NetWeaver Exploited in the Wild

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Privacy Notice

Terms of Use

Cookie Policy

Accessibility Statement

Information Security

Sustainability Statement

Cookies Settings

The 2024 Gartner^® Market Guide for MDR Services provides a comprehensive overview of the evolving MDR landscape.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347