
CVE-2025-24472 - Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Project: Fortinet

Product: FortiOS and FortiProxy

Date Added: 2025-03-18

Due Date: 2025-04-08

Vulnerability Name

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Description

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://nvd.nist.gov/vuln/detail/CVE-2025-24472

Related News Articles

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (April 21, 2025)

Critical FortiSwitch flaw lets hackers change admin passwords remotely (April 10, 2025)

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics (March 24, 2025)