Insufficient Session Expiration and Incorrect Authorization in Fortinet Product
CVE-2024-33507

7HIGH

Key Information:

Vendor: Fortinet
Status: Fortiisolator
Vendor: CVE Published:; 14 October 2025

What is CVE-2024-33507?

A security vulnerability in FortiIsolator allows an unauthenticated remote attacker to deauthenticate logged-in administrators by exploiting an insufficient session expiration issue via crafted cookies. Additionally, a remote authenticated attacker with read-only privileges can gain write access through a similar method, effectively compromising the system's integrity. This vulnerability impacts multiple versions of FortiIsolator, necessitating urgent remediation to protect against potential exploitation.

Affected Version(s)

FortiIsolator 2.4.0 <= 2.4.4

FortiIsolator 2.3.0 <= 2.3.4

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-062

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Apr 23, 2024

JSON