ForticlientVPN only version 7.4.4?

Hi TechMSB

After searching on the support portal I can confirm the latest FortiClientVPN version is 7.4.3 so far.

The psirt page you shared mentions FCT and not FCT VPN, but it is obvious that the vulnerability can especially be exploited in shared environments where you share the installer in a folder that can be writable by anyone.

In any case there is a mentioned workaround that is simple to implement: just download the installer from Fortinet and put it in a read-only shared folder (basic security measures).

Hello everyone,
take a look at the release notes for FortiClient 7.4.4:

“FortiClient (Windows) 7.4.4 does not include a new version of the free VPN-only agent as no feature updates were made to the free VPN-only agent between 7.4.3 and 7.4.4. Users can continue to use the FortiClient (Windows) 7.4.3 free VPN-only agent.”

To me, it’s not entirely clear whether there will still be a VPN-only version in the future, or if there just isn’t one for 7.4.4 because there were no changes. The text in the release notes also appears to have been updated.

Now we’ll see whether the VPN-only version continues to exist. If not, that would be quite unfortunate in my opinion.

Best regards,
Karsten

I couldn't get the answer from any of my sources, seems like no one really knows/wants to share if there is change of plans for free VPN-only client. I will be watching closely this topic, if FOrtinet indeed to drop free vpn-only client without offering decentralized licensing model, it would be a major blow, as in MSP environment switching hundreds of unrelated clients with thousands of users to a centralized EMS is a no go.

I just saw there are more risks for 7.4.3 vpn only client but still not new version from fortinet.

https://fortiguard.fortinet.com/psirt/FG-IR-25-125

https://fortiguard.fortinet.com/psirt/FG-IR-25-112

We don't need the full vpn and edr version just the vpn only version.

Reading into this, as we are also affected. Has anyone reviewed https://www.cvedetails.com/cve/CVE-2025-57716? This seems to suggest that 7.2.12 is unaffected by this, but this is no longer available for download and may have other vulnerabilities.

I am told they are testing a fix to be included in an official build, no ETA yet though.

Keep in mind that FCT VPN is a free version with no obligation from Fortinet.

It does include fixes like: "Issues regarding FortiClient support for newer Realtek drivers in W indows 11 have been resolved. The issue is that Realtek and Qualcomm used the NetAdapterCx structure in their drivers and the Microsoft API had an error in translating the flags, which may result in IPsec VPN connection failure."

Does anyone have the current status of the 7.4.4 VPN-only client?  It has been quite a while since these vulnerabilities were released.  I wish I could use the supported version, but I am a tiny firm that has an outsourced firewall and all I have to use is the VPN-only client, so short of completely changing firewalls and vendors (which I also wish I could do but cannot) I am stuck.

I was told development was working on a patch for 7.4.3 vpn client only but so far all I seen is the full client, not the vpn only.  I understand this is free software but I agree with others that security risks should be patched.