Fortinet News Articles

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

2 weeks ago

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.

2 weeks ago

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems.

2 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation

2 weeks ago

CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks

CISA has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of the SQL injection flaw in cyberattacks worldwide.

2 weeks ago

FortiWeb Systems Compromised via Webshells After Public PoC Release

A widespread cyberattack campaign has successfully compromised dozens of Fortinet FortiWeb instances through webshell deployment.

2 weeks ago

Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation.

3 weeks ago

New Fortinet FortiWeb hacks likely linked to public RCE exploits

Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.

3 weeks ago

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) - Help Net Security

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 is expected to be leveraged by attackers soon.

3 weeks ago

The first week of CVE-2025-25257 in FortiWeb Fabric Connector – Global Security Mag Online

The first week of CVE-2025-25257 in FortiWeb Fabric Connector CrowdSec

3 weeks ago

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch.

3 weeks ago

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)

WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection vulnerability allowing unauthenticated remote code execution.

3 weeks ago

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.

3 weeks ago

Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code

A critical security vulnerability in Fortinet's FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication.

3 weeks ago

Critical Fortinet flaws now exploited in Qilin ransomware attacks

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely.

Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching

Researchers have released PoC for CVE-2025-32756, a vulnerability actively being exploited in Fortinet products like FortiMail and FortiCamera.

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

The vulnerability is a stack-based buffer overflow located within the administrative API, specifically in the handling of session cookies.

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet patched CVE-2025-32756, a zero-day flaw exploited in FortiVoice systems, risking remote code execution.

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) - Help Net Security

Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice systems.

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - Help Net Security

An attacker using old FortiOS flaws to breach FortiGate devices has been leveraging symlink to retain limited access to them after patching.

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) - Help Net Security

Fortinet has released patches for a vulnerability (CVE-2024-48887) in its FortiSwitch devices that could give attackers admin privileges.

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Fortinet patches CVE-2024-48887, a 9.3 CVSS FortiSwitch flaw, urging quick upgrades to avoid attacks.

Critical Fortinet Vuln Draws Fresh Attention

CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.

Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns

The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

CISA Issues Security Warning on Fortinet FortiOS Authentication Bypass Exploit

The Cybersecurity and Infrastructure Security Agency (CISA) issued a critical security warning regarding a severe vulnerability in Fortinet's FortiOS and FortiProxy systems.

New Lockbit-linked ransomware group targets Fortinet vulnerabilities

The “SuperBlack” ransomware leverages the LockBit 3.0 builder with a custom encryption tool.

New ransomware gang targets Fortinet firewalls, victim data

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January. Forescout said the group it's tracking as Mora_001...

CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55591(link is external) Fortinet FortiOS Authorization Bypass...

New SuperBlack ransomware exploits Fortinet auth bypass flaws

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.

Fortinet discloses second authentication bypass vulnerability | Tec...

Fortinet on Tuesday disclosed another authentication bypass vulnerability. Tracked as CVE-2025-24472, it affects versions of FortiOS and FortiProxy.

FortiOS & FortiProx 0-Day Allows Attackers Hijacks Firewall & Gain Super Admin Access

Fortinet has issued an urgent warning about actively exploiting an already patched zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.

Fortinet Firewalls Compromised by New Zero-Day Exploit - VULNERA

Fortinet has issued a warning about threat actors exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (with a CVSS score of 8.1), in its FortiOS and FortiProxy products to hijack firewalls.

Fortinet FortiOS & FortiProxy Zero-Day Exploited to Hijack Firewall & Gain Super Admin Access

Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.

Fortinet warns of new zero-day exploited to hijack firewalls

Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.

Fortinet discloses second firewall auth bypass patched in January

Fortinet warned today that attackers are exploiting another now-patched zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.

Hackers Allegedly Selling Fortinet Vulnerability Exploit on Dark Web Forums

A significant cybersecurity threat has emerged as hackers on a prominent Russian dark web forum claim to be selling an active exploit targeting Fortinet devices.The exploit reportedly leverages a critical vulnerability, CVE-2024-55591, which affects FortiOS versions 7.0.0 through 7.0.16. 

Fortinet Zero-Day Gives Attackers Super-Admin Privileges

The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.

Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access

A critical authentication vulnerability in Fortinet's FortiGate SSL VPN appliance tracked as CVE-2024-55591, has been weaponized in active attacks.

Last Week in Security (LWiS) - 2025-01-27

0-click deanonymization (@hackermondev), Subaru hacks (@samwcyo + @infosec_au), 🍪 sandwitch (@d4d89704243), Entra Connect attacks (@hotnops), Kerberos relaying via HTTP (@croco_byte), and more!

FortiOS Authentication Bypass Vulnerability Exploited to Gain Super-Admin Access

A critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products tracked as CVE-2024-55591, has been actively exploited in the wild, allowing attackers to gain super-admin privileges.

Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591

Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship SSLVPN appliance, th...

48,000+ internet-facing Fortinet firewalls still open to attack - Help Net Security

Too many Fortinet firewalls vulnerable to attack via CVE-2024-55591 are still accessible from the Internet.

50,000 Fortinet Firewalls Remain Vulnerable to Critical Zero-Day Exploit

As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches. The flaw, which has been actively exploited since November 2024, allows attackers to bypass authentication and gain supe...

50K Fortinet firewalls still vulnerable to latest zero-day

Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit. Data from the Shadowserver Foundation...

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls

The security provider published mitigation measures to prevent exploitation

Fortinet zero-day allows hackers to access corporate networks

Fortinet warns of a critical zero-day vulnerability in their firewalls that is being actively exploited to invade corporate networks.

Fortinet Confirms New Zero-Day Exploitation 

Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024.