🔴 CVE-2025-24472

Authentication bypass vulnerability in Fortinet FortiOS and FortiProxy allows remote unauthenticated attackers to gain super-admin privileges via crafted CSF proxy requests when Security Fabric is enabled. This is actively exploited and listed in CISA KEV.

← Back to Overview
HIGH_RISK
Risk Level
8.1
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
Yes (+443d)
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-02-11

Added to CISA KEV: 2025-03-18 35 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-24472 is a critical authentication bypass vulnerability affecting specific versions of Fortinet’s FortiOS and FortiProxy products [1] [5].

Vulnerability Overview
  • Type: Authentication Bypass Using an Alternate Path or Channel (CWE-288) [1].
  • Impact: Successful exploitation allows a remote, unauthenticated attacker to gain super-admin privileges on the target device [1]?trk=article-ssr-frontend-pulse_little-text-block?kagi_q=CVE-2025-24472+details+exploitation+impact+patch+status [4].
Exploitation Details
  • Attack Method: The vulnerability is exploited via specially crafted CSF (Security Fabric) proxy requests [4] [6].
  • Requirements: It is a remote attack that does not require user interaction [5]. However, exploitation may require prior knowledge of the serial numbers of upstream and downstream devices in the Security Fabric [1]?trk=article-ssr-frontend-pulse_little-text-block?kagi_q=CVE-2025-24472+details+exploitation+impact+patch+status.
  • Exploit Availability: Public discussions and security analyses have noted the existence of proof-of-concept (PoC) exploit code associated with the broader advisory (FG-IR-24-535) that includes this vulnerability [3].
Affected Products and Status
  • Affected Versions:
* FortiOS: 7.0.0 through 7.0.16 [1]. * FortiProxy: 7.2.0 through 7.2.12 and 7.0.0 through 7.0.19 [1]?trk=article-ssr-frontend-pulse_little-text-block?kagi_q=CVE-2025-24472+details+exploitation+impact+patch+status.
  • Status: Fortinet issued an advisory (FG-IR-24-535) to address this issue. Organizations are advised to verify their firmware versions against the official Fortinet PSIRT advisory and apply the necessary patches to mitigate the risk of unauthorized administrative access [2].
*Note: While reports mention the vulnerability in the context of critical infrastructure and potential for severe compromise, specific details regarding active exploitation in the wild by named threat actors or its use in specific ransomware campaigns are not explicitly detailed in the current public disclosures.*

Sources

  1. CVE-2025-24472 Detail - NVD

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12 ... Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only…

  2. Authentication bypass in Node.js websocket module - FortiGuard Labs

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super- ...

  3. Fortinet Clarifies CVE-2025-24472 Vulnerability Fix

    A look at the CVE-2025-24472 and CVE-2024-45591 vulnerabilities in Fortinet, patch status, attack details, and security measures to protect systems.Fortinet recently disclosed CVE-2025-24472, a critical authentication bypass vulnerability in FortiOS and FortiProxy that allows attackers to gain super…

  4. New Fortinet exploit CVE-2025-24472 disclosed

    CVE-2025-24472 expands the vulnerability in FortiOS 7.0.0 to 7.0.16 discovered earlier this year and allows remote attackers to gain ... CVE-2025-24472 expands the vulnerability in FortiOS 7.0.0 to 7.0.16 discovered earlier this year and allows remote attackers to gain super-admin privileges.Summary…

  5. CVE-2025-24472 - Exploits & Severity - Feedly

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy ... CVE-2025-24472 is a critical authentication bypass vulnerability affecting Fortinet's FortiOS and FortiProxy systems, allowing remote attackers to gain unauth…

  6. Critical Analysis of CVE-2025-24472: Authentication Bypass ...

    This critical authentication bypass flaw impacts FortiOS and FortiProxy systems, enabling remote attackers to exploit specially crafted CSF proxy requests. ... Executive SummaryFebruary 12, 2025 – In today’s advisory update, we present a comprehensive analysis of the recently disclosed vulnerability…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed