Fortinet News Articles

Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication.

2 weeks ago

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.

2 weeks ago

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

CVE-2025-25256 in FortiSIEM scored 9.8 CVSS; active exploit found, prompting urgent patching. (

2 weeks ago

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation

CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks

CISA has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of the SQL injection flaw in cyberattacks worldwide.

FortiWeb Systems Compromised via Webshells After Public PoC Release

A widespread cyberattack campaign has successfully compromised dozens of Fortinet FortiWeb instances through webshell deployment.

Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation.

New Fortinet FortiWeb hacks likely linked to public RCE exploits

Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) - Help Net Security

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 is expected to be leveraged by attackers soon.

The first week of CVE-2025-25257 in FortiWeb Fabric Connector – Global Security Mag Online

The first week of CVE-2025-25257 in FortiWeb Fabric Connector CrowdSec

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch.

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)

WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection vulnerability allowing unauthenticated remote code execution.

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.

Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code

A critical security vulnerability in Fortinet's FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication.

Critical Fortinet flaws now exploited in Qilin ransomware attacks

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely.

Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching

Researchers have released PoC for CVE-2025-32756, a vulnerability actively being exploited in Fortinet products like FortiMail and FortiCamera.

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

The vulnerability is a stack-based buffer overflow located within the administrative API, specifically in the handling of session cookies.

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet patched CVE-2025-32756, a zero-day flaw exploited in FortiVoice systems, risking remote code execution.

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) - Help Net Security

Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice systems.

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - Help Net Security

An attacker using old FortiOS flaws to breach FortiGate devices has been leveraging symlink to retain limited access to them after patching.

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) - Help Net Security

Fortinet has released patches for a vulnerability (CVE-2024-48887) in its FortiSwitch devices that could give attackers admin privileges.

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Fortinet patches CVE-2024-48887, a 9.3 CVSS FortiSwitch flaw, urging quick upgrades to avoid attacks.

Critical Fortinet Vuln Draws Fresh Attention

CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.

Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns

The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

CISA Issues Security Warning on Fortinet FortiOS Authentication Bypass Exploit

The Cybersecurity and Infrastructure Security Agency (CISA) issued a critical security warning regarding a severe vulnerability in Fortinet's FortiOS and FortiProxy systems.

New Lockbit-linked ransomware group targets Fortinet vulnerabilities

The “SuperBlack” ransomware leverages the LockBit 3.0 builder with a custom encryption tool.

New ransomware gang targets Fortinet firewalls, victim data

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January. Forescout said the group it's tracking as Mora_001...

CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55591(link is external) Fortinet FortiOS Authorization Bypass...

New SuperBlack ransomware exploits Fortinet auth bypass flaws

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.

Fortinet discloses second authentication bypass vulnerability | Tec...

Fortinet on Tuesday disclosed another authentication bypass vulnerability. Tracked as CVE-2025-24472, it affects versions of FortiOS and FortiProxy.

FortiOS & FortiProx 0-Day Allows Attackers Hijacks Firewall & Gain Super Admin Access

Fortinet has issued an urgent warning about actively exploiting an already patched zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.

Fortinet Firewalls Compromised by New Zero-Day Exploit - VULNERA

Fortinet has issued a warning about threat actors exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (with a CVSS score of 8.1), in its FortiOS and FortiProxy products to hijack firewalls.

Fortinet FortiOS & FortiProxy Zero-Day Exploited to Hijack Firewall & Gain Super Admin Access

Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.

Fortinet warns of new zero-day exploited to hijack firewalls

Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.

Fortinet discloses second firewall auth bypass patched in January

Fortinet warned today that attackers are exploiting another now-patched zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.

Hackers Allegedly Selling Fortinet Vulnerability Exploit on Dark Web Forums

A significant cybersecurity threat has emerged as hackers on a prominent Russian dark web forum claim to be selling an active exploit targeting Fortinet devices.The exploit reportedly leverages a critical vulnerability, CVE-2024-55591, which affects FortiOS versions 7.0.0 through 7.0.16. 

Fortinet Zero-Day Gives Attackers Super-Admin Privileges

The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.

Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access

A critical authentication vulnerability in Fortinet's FortiGate SSL VPN appliance tracked as CVE-2024-55591, has been weaponized in active attacks.

Last Week in Security (LWiS) - 2025-01-27

0-click deanonymization (@hackermondev), Subaru hacks (@samwcyo + @infosec_au), 🍪 sandwitch (@d4d89704243), Entra Connect attacks (@hotnops), Kerberos relaying via HTTP (@croco_byte), and more!

FortiOS Authentication Bypass Vulnerability Exploited to Gain Super-Admin Access

A critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products tracked as CVE-2024-55591, has been actively exploited in the wild, allowing attackers to gain super-admin privileges.

Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591

Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship SSLVPN appliance, th...

48,000+ internet-facing Fortinet firewalls still open to attack - Help Net Security

Too many Fortinet firewalls vulnerable to attack via CVE-2024-55591 are still accessible from the Internet.

50,000 Fortinet Firewalls Remain Vulnerable to Critical Zero-Day Exploit

As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches. The flaw, which has been actively exploited since November 2024, allows attackers to bypass authentication and gain supe...

50K Fortinet firewalls still vulnerable to latest zero-day

Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit. Data from the Shadowserver Foundation...

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using