Authentication Bypass Vulnerability in FortiOS and FortiProxy Products
CVE-2025-24472

8.1HIGH

Key Information:

Vendor
Fortinet
Status
FortiOS
Fortiproxy
Vendor
CVE Published:
11 February 2025

Badges

📈 Trended📈 Score: 2,470💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-24472?

CVE-2025-24472 is a critical authentication bypass vulnerability found in FortiOS and FortiProxy products developed by Fortinet. These products serve pivotal roles in network management and security, acting as operating systems for Fortinet’s security appliances and proxies. The flaw enables remote attackers to exploit the system by sending specially crafted proxy requests, potentially granting them super-admin privileges without proper authentication. Such unauthorized access poses a severe risk to organizational network integrity, allowing for the manipulation and exfiltration of sensitive data.

Technical Details

This vulnerability specifically affects FortiOS versions 7.0.0 through 7.0.16 and 7.0.19, as well as FortiProxy versions 7.2.0 through 7.2.12. The nature of the vulnerability is categorized as an "Authentication Bypass Using an Alternate Path or Channel" (CWE-288). By leveraging this weakness, an attacker can circumvent normal authentication protocols and gain elevated privileges, compromising the security environment of any system using these Fortinet products.

Potential Impact of CVE-2025-24472

  1. Unauthorized Access: Attackers could exploit this vulnerability to achieve super-admin access, enabling them to manipulate or extract sensitive data, potentially leading to severe data breaches.

  2. Network Control: With elevated privileges, an attacker could exert control over security configurations and policies, creating vulnerabilities that could be exploited further or lead to a cascading failure of security measures.

  3. Increased Attack Surface: The vulnerability presents an opportunity for attackers to launch subsequent attacks or malware deployment within the network, further complicating an organization’s cybersecurity posture.

Affected Version(s)

FortiOS 7.0.0 <= 7.0.16

FortiProxy 7.2.0 <= 7.2.12

FortiProxy 7.0.0 <= 7.0.19

News Articles

favicon imageBleepingComputer

New SuperBlack ransomware exploits Fortinet auth bypass flaws

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.

21 hours ago

favicon imageTechTarget

Fortinet discloses second authentication bypass vulnerability | Tec...

Fortinet on Tuesday disclosed another authentication bypass vulnerability. Tracked as CVE-2025-24472, it affects versions of FortiOS and FortiProxy.

favicon imageCybersecurityNews

FortiOS & FortiProx 0-Day Allows Attackers Hijacks Firewall & Gain Super Admin Access

Fortinet has issued an urgent warning about actively exploiting an already patched zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

.