Summary: Fortinet has reported a serious authentication bypass vulnerability (CVE-2025-24472) in its FortiOS and FortiProxy systems, which allows attackers to gain super-admin privileges on affected firewalls. This zero-day flaw, along with another (CVE-2024-55591), has been actively exploited since mid-November, enabling unauthorized access and significant configuration changes in targeted enterprise networks. Organizations are urged to secure their firewalls by disabling public management access and applying necessary updates.
Affected: Fortinet FortiOS and FortiProxy
Key points:
- Vulnerability CVE-2025-24472 allows remote attackers to gain super-admin privileges through crafted CSF proxy requests.
- The flaw affects FortiOS versions 7.0.0 to 7.0.16 and FortiProxy versions 7.0.0 to 7.2.12.
- Organizations are advised to disable HTTP/HTTPS administrative access on affected firewalls to mitigate the risk.
- Cybersecurity firm Arctic Wolf identified ongoing exploitation efforts and notified Fortinet about the attacks.
- The attack campaign consists of multiple phases, including scanning, reconnaissance, and lateral movement.
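As an added illustration of the two checks above (affected version and exposed web management), here is a small audit script that is not part of the original report or of any Fortinet tooling. It reads the `config system interface` section of a FortiOS-style configuration backup, flags interfaces that still allow `http`/`https` in `allowaccess`, and compares a firmware version against the ranges quoted in the key points (treated as single inclusive spans); the configuration text, the interface names and the helper names are all constructed assumptions.

```python
"""Audit a FortiOS/FortiProxy backup for exposed HTTP/HTTPS admin access and
check a firmware version against the advisory's ranges (hypothetical helper)."""
import re

# Affected ranges as quoted in the key points, inclusive on both ends (assumption:
# each range is treated as one contiguous span of versions).
AFFECTED = {
    "FortiOS": ((7, 0, 0), (7, 0, 16)),
    "FortiProxy": ((7, 0, 0), (7, 2, 12)),
}
WEB_ADMIN = {"http", "https"}  # protocols the advisory says to disable

# Constructed sample backup, not a real device configuration.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
    next
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "mgmt"
        set vdom "root"
        set allowaccess ping ssh
    next
end
"""

def parse_version(text):
    """'7.0.12' -> (7, 0, 12) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.strip().split("."))

def is_affected(product, version):
    """True if the version lies inside the advisory's range for that product."""
    lo, hi = AFFECTED[product]
    return lo <= parse_version(version) <= hi

def interface_allowaccess(config_text):
    """Map interface name -> set of allowaccess protocols from the backup."""
    section = re.search(r"config system interface\n(.*?)\nend", config_text, re.S)
    if not section:
        return {}
    blocks = re.findall(r'edit "([^"]+)"\n(.*?)\n\s*next', section.group(1), re.S)
    result = {}
    for name, body in blocks:
        m = re.search(r"set allowaccess (.+)", body)  # one line; '.' stops at newline
        result[name] = set(m.group(1).split()) if m else set()
    return result

def exposed_web_admin(config_text):
    """Interfaces that still permit HTTP or HTTPS management, with the offending protocols."""
    found = interface_allowaccess(config_text)
    return {n: sorted(p & WEB_ADMIN) for n, p in found.items() if p & WEB_ADMIN}

def hardened_allowaccess(protocols):
    """Protocol list to keep once web management is removed (for a new 'set allowaccess')."""
    return sorted(p for p in protocols if p not in WEB_ADMIN)

if __name__ == "__main__":
    print("FortiOS 7.0.12 affected:", is_affected("FortiOS", "7.0.12"))
    for name, protos in exposed_web_admin(SAMPLE_CONFIG).items():
        print(f"{name}: exposes {protos}; keep {hardened_allowaccess(interface_allowaccess(SAMPLE_CONFIG)[name])}")
```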