AI description
CVE-2025-24472 is an authentication bypass vulnerability found in Fortinet's FortiOS and FortiProxy products. It allows unauthorized remote attackers to gain super-admin privileges by sending specially crafted requests to the system's CSF proxy. The affected versions are FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12. Fortinet has addressed this vulnerability; users should update to FortiOS 7.0.17 or later, and FortiProxy 7.0.20/7.2.13 or later. This vulnerability was disclosed on February 11, 2025, and added to an existing advisory regarding another authentication bypass vulnerability, CVE-2024-55591, which affected the same Fortinet products. While initial reports indicated active exploitation, Fortinet clarified that CVE-2025-24472 itself has not been seen exploited in the wild, although CVE-2024-55591 has been. Patches for both vulnerabilities are available, and users who had previously patched their systems against CVE-2024-55591 are already protected against CVE-2025-24472. Workarounds such as disabling the HTTP/HTTPS administrative interface or restricting access to it by IP address are also available.
- Description
- An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
- Source
- psirt@fortinet.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- CWE
- CWE-288 (source: psirt@fortinet.com)
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 10
Fortinet has issued a warning about threat actors exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (with a CVSS score of 8.1), in its FortiOS and FortiProxy products to hijack firewalls. https://t.co/KIQFssswbb
@VULNERAsecurity
12 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet has disclosed CVE-2025-24472, a vulnerability fixed in January, not a zero-day. Only CVE-2024-55591 is actively exploited. Organizations should secure their FortiOS & FortiProxy firewalls. 🔒 #Fortinet #Vulnerability #USA link: https://t.co/oUDNrTOWvi https://t.co/G
@TweetThreatNews
12 Feb 2025
15 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January, but not disclosed then. Furthermore, even though the current advisory states that the listed flaws were exploited in attacks and includes… ht
@BleepinComputer
12 Feb 2025
19370 Impressions
53 Retweets
164 Likes
39 Bookmarks
5 Replies
3 Quotes
Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. Furthermore, even though the current advisory states that the listed flaws were exploited in attacks and includes workarounds, Fortinet says…
@BleepinComputer
12 Feb 2025
379 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In some versions of FortiOS and FortiProxy, "authentication bypass" (CWE-288) vulnerabilities CVE-2025-24472 and CVE-2024-55591: an attacker obtains administrator (super-user) privileges by sending requests that use the Node.js WebSocket module or CSF proxy requests. https://t.co/npc0IB0htf
@t_nihonmatsu
12 Feb 2025
270 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Seeing the title, I was startled that CVE-2025-24472 might be yet another new FortiOS zero-day, but the affected scope and the fixed versions are the same as CVE-2024-55591, which has been causing a stir since last month. It seems a separate CVE was assigned because the internal attack path is different. If you already applied last month's patch, no action is needed. https://t.co/agESMYZmn2
@nekono_naha
12 Feb 2025
1933 Impressions
8 Retweets
29 Likes
7 Bookmarks
0 Replies
0 Quotes
New zero-day vulnerability in Fortinet (CVE-2025-24472). Sophisticated techniques are being used that also exploit a previously known vulnerability (CVE-2024-55591) to target the management portals of firewalls exposed to the internet and attempt unauthorized access. #セキュリティ対策Lab #セキュリティ https://t.co/O0SvszeLXw
@securityLab_jp
12 Feb 2025
31 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Authentication Bypass vulnerabilities in Fortinet FortiOS & FortiProxy exploited in the wild! CVE-2025-24472, CVE-2024-55591 Attackers can gain super-admin privileges 📌 Patch immediately! #CyberSecurity #Vulmon https://t.co/xkzq4Kuidx
@vulmoncom
11 Feb 2025
2997 Impressions
6 Retweets
6 Likes
4 Bookmarks
1 Reply
3 Quotes
🚨 CVE-2025-24472🚨 Critical Authentication Bypass in Fortinet FortiOS & FortiProxy exploited in the wild! Attackers can gain super-admin privileges 📌 Patch immediately to protect your systems! #CyberSecurity #Vulmon https://t.co/M6HYXtiWOD
@vulmoncom
11 Feb 2025
21 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes