Authentication Bypass Vulnerability in FortiOS and FortiProxy Products
CVE-2025-24472
What is CVE-2025-24472?
CVE-2025-24472 is a critical authentication bypass vulnerability found in FortiOS and FortiProxy products developed by Fortinet. These products serve pivotal roles in network management and security, acting as operating systems for Fortinet’s security appliances and proxies. The flaw enables remote attackers to exploit the system by sending specially crafted proxy requests, potentially granting them super-admin privileges without proper authentication. Such unauthorized access poses a severe risk to organizational network integrity, allowing for the manipulation and exfiltration of sensitive data.
Technical Details
This vulnerability affects FortiOS versions 7.0.0 through 7.0.16, as well as FortiProxy versions 7.2.0 through 7.2.12 and 7.0.0 through 7.0.19 (see Affected Version(s) below). It is categorized as an "Authentication Bypass Using an Alternate Path or Channel" (CWE-288): an authentication check exists, but a request that reaches the protected functionality over a path the check does not cover is treated as if it had been authenticated. By leveraging this weakness, an attacker can circumvent normal authentication and gain elevated privileges, compromising the security environment of any system running these Fortinet products.
Potential Impact of CVE-2025-24472
- Unauthorized Access: Attackers could exploit this vulnerability to achieve super-admin access, enabling them to manipulate or extract sensitive data, potentially leading to severe data breaches.
- Network Control: With elevated privileges, an attacker could exert control over security configurations and policies, creating vulnerabilities that could be exploited further or lead to a cascading failure of security measures.
- Increased Attack Surface: The vulnerability presents an opportunity for attackers to launch subsequent attacks or malware deployment within the network, further complicating an organization's cybersecurity posture.
Affected Version(s)
FortiOS 7.0.0 through 7.0.16 (inclusive)
FortiProxy 7.2.0 through 7.2.12 (inclusive)
FortiProxy 7.0.0 through 7.0.19 (inclusive)
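The version ranges above are inclusive on both ends, and a naive string comparison gets them wrong (as a string, "7.0.9" sorts after "7.0.16"). The following is an added example, not code from Fortinet or from this advisory, showing how a defender can check an appliance inventory against the affected ranges listed on this page. The hostnames, the build suffix handling, and the sample inventory are constructed assumptions for illustration.

```python
# Added example (not from the advisory): check FortiOS / FortiProxy version
# strings against the affected ranges this page lists for CVE-2025-24472.

from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Affected ranges exactly as the advisory lists them, inclusive on both ends.
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [("7.0.0", "7.0.16")],
    "FortiProxy": [("7.2.0", "7.2.12"), ("7.0.0", "7.0.19")],
}


def parse_version(text: str) -> Version:
    """Parse a dotted version such as '7.0.16' into a comparable int tuple.

    Assumption: a trailing build token (e.g. '7.0.16 build0667') may follow
    the version; only the leading dotted numeric part is compared.
    """
    head = text.strip().split()[0] if text.strip() else ""
    parts = head.split(".")
    if not head or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """Return True if (product, version) falls inside a listed affected range.

    Comparison is tuple-wise, so (7, 0, 9) <= (7, 0, 16) as intended.
    """
    ranges = AFFECTED_RANGES.get(product)
    if ranges is None:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (hostname, product, version) entries that need patching."""
    return [entry for entry in inventory if is_affected(entry[1], entry[2])]


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.16"),
    ("fw-edge-02", "FortiOS", "7.0.17"),
    ("fw-core-01", "FortiOS", "7.2.3"),
    ("proxy-01", "FortiProxy", "7.2.12 build0123"),
    ("proxy-02", "FortiProxy", "7.0.9"),
    ("proxy-03", "FortiProxy", "7.4.1"),
]

if __name__ == "__main__":
    for host, product, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {ver} is in an affected range for CVE-2025-24472")
```

Run it with an inventory exported from your asset management system; anything it flags should be scheduled for the fixed release, and an appliance on a version line the table does not mention (here, FortiOS 7.2.x or FortiProxy 7.4.x) is reported as not affected by this particular CVE only, which is not a statement about other advisories.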