Authentication Bypass Vulnerability in FortiOS and FortiProxy Products
CVE-2025-24472

9.8CRITICAL

Key Information:

Vendor
Fortinet
Status
FortiOS
Fortiproxy
Vendor
CVE Published:
11 February 2025

Badges

📈 Trended📈 Score: 2,470💰 Ransomware👾 Exploit Exists🦅 CISA Reported📰 News Worthy

What is CVE-2025-24472?

CVE-2025-24472 is a critical authentication bypass vulnerability found in FortiOS and FortiProxy products developed by Fortinet. These products serve pivotal roles in network management and security, acting as operating systems for Fortinet’s security appliances and proxies. The flaw enables remote attackers to exploit the system by sending specially crafted proxy requests, potentially granting them super-admin privileges without proper authentication. Such unauthorized access poses a severe risk to organizational network integrity, allowing for the manipulation and exfiltration of sensitive data.

Technical Details

This vulnerability specifically affects FortiOS versions 7.0.0 through 7.0.16 and 7.0.19, as well as FortiProxy versions 7.2.0 through 7.2.12. The nature of the vulnerability is categorized as an "Authentication Bypass Using an Alternate Path or Channel" (CWE-288). By leveraging this weakness, an attacker can circumvent normal authentication protocols and gain elevated privileges, compromising the security environment of any system using these Fortinet products.

Potential Impact of CVE-2025-24472

  1. Unauthorized Access: Attackers could exploit this vulnerability to achieve super-admin access, enabling them to manipulate or extract sensitive data, potentially leading to severe data breaches.

  2. Network Control: With elevated privileges, an attacker could exert control over security configurations and policies, creating vulnerabilities that could be exploited further or lead to a cascading failure of security measures.

  3. Increased Attack Surface: The vulnerability presents an opportunity for attackers to launch subsequent attacks or malware deployment within the network, further complicating an organization’s cybersecurity posture.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FortiOS 7.0.0 <= 7.0.16

FortiProxy 7.2.0 <= 7.2.12

FortiProxy 7.0.0 <= 7.0.19

News Articles

Critical Fortinet Vuln Draws Fresh Attention

CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.

4 weeks ago

favicon imageInfosecurity Magazine

Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns

The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog

1 month ago

favicon imageCISA (.gov)

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

1 month ago

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🦅

    CISA Reported

  • 💰

    Used in Ransomware

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

.