CVE-2025-24472
Published: 11 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-24472 is an Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288) with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). It affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.2.0 through 7.2.12 as well as 7.0.0 through 7.0.19.
A remote unauthenticated attacker with prior knowledge of the serial numbers of upstream and downstream devices can exploit the vulnerability if Security Fabric is enabled. By sending crafted CSF proxy requests, the attacker may gain super-admin privileges on the downstream device.
The Fortinet PSIRT advisory provides details on mitigation and patches at https://fortiguard.fortinet.com/psirt/FG-IR-24-535. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24472, indicating active real-world exploitation.
Details
- CWE(s): CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
- KEV Date Added: 18 March 2025
Affected Products
- FortiOS 7.0.0 through 7.0.16
- FortiProxy 7.2.0 through 7.2.12
- FortiProxy 7.0.0 through 7.0.19
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
The vulnerability is a remote, unauthenticated authentication bypass in FortiOS/FortiProxy (public-facing network security devices), triggered by crafted requests when Security Fabric is enabled. Exploiting it maps directly to Exploit Public-Facing Application: an attacker reaching the device from the Internet can gain initial access and super-admin privileges without any valid credentials.