CVE-2025-24472
Published Feb 11, 2025
Last updated 5 months ago
- Description
- An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortiproxy, fortios
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
- Exploit added on
- Mar 18, 2025
- Exploit action due
- Apr 8, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- psirt@fortinet.com
- CWE-288
- Hype score
- Not currently trending
SuperBlack exploits CVE-2024-55591 and CVE-2025-24472 in Fortinet systems. AI ShieldNet uses behavioral AI to detect and stop zero-day attacks like this. Website: https://t.co/eeFYunNtwv #Cybersecurity #AIShieldNet #prosfinity https://t.co/Du0dl8F8rR
@prosfinity
10 Jun 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinetの脆弱性(CVE-2024-55591,CVE-2025-24472)を狙うサイバー攻撃が国内でも発生-JPCERTが警告 #セキュリティ対策Lab #セキュリティ #Security https://t.co/K2LlhH44nA
@securityLab_jp
9 May 2025
68 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Hey, did you hear? Hackers are getting SUPER-ADMIN access to Fortinet firewalls using CVE-2025-24472 & deploying "SuperBlack" ransomware. Patch ASAP! #cybersecurity https://t.co/7aQ6CFwzYs
@storagetechnews
4 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24472
@transilienceai
3 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24472
@transilienceai
31 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24472
@transilienceai
27 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Fortinet has patched critical vulnerabilities (NCSC-2025-0082) in FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. Exploited in ransomware attacks, this flaw allows unauthorized code execution. Patch now! #CVE-2024-55591 #CVE-2025-24472 https://t.co/tPrTnAvPap
@RedTeamNewsBlog
24 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24472
@transilienceai
21 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
FortiOS, FotiProxyの脆弱性の悪用が確認されているとのこと。 CVE-2025-24472 CVE-2024-55591 Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns - Infosecurity Magazine https://t.co/w3vcJozVFT
@ntsuji
21 Mar 2025
6448 Impressions
30 Retweets
69 Likes
18 Bookmarks
2 Replies
1 Quote
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-24472 #Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability https://t.co/F6TsuBLDkl
@ScyScan
20 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Fortinet CVE-2025-24472 Ransomware Exploitation 📅 Date: 2025-03-19 📌 Attribution: Mora_001 (potential ties to LockBit operations) 📝 Summary: A critical authentication bypass vulnerability (CVE-2025-24472) in Fortinet's FortiOS and FortiProxy technologies has…
@syedaquib77
20 Mar 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24472
@transilienceai
20 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔴 FortiOS, Authentication Bypass, #CVE-2025-24472 (Critical) https://t.co/B3nCMGjLX5
@dailycve
19 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: CISA has issued a critical warning about a major vulnerability (CVE-2025-24472) in Fortinet’s FortiOS and FortiProxy systems. Remote attackers can exploit this flaw to gain super-admin access. 🔗 Read more: https://t.co/pJkREGY1By https://t.co/DZUfXOc8GU
@Hosainfosec
19 Mar 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns: Fortinet FortiOS auth bypass (CVE-2025-24472) exploited in the wild. Patches out, but why bother? With WEBOUNCER, no patching, no updates—just instant protection. #Cybersecurity #WEBOUNCER #impenetrable https://t.co/PZKJp781A8 via @The_Cyber_News
@BrainLabVisions
19 Mar 2025
58 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
1 Quote
Ransomware Alert! Fortinet Under Siege: New ransomware gang SuperBlack exploits CVE-2024-55591 & CVE-2025-24472! CVE-2024-55591 – An Authentication bypass vulnerability affecting Fortinet's FortiOS and FortiProxy products. This flaw allows remote attackers to gain super-adm
@Loginsoft_Inc
19 Mar 2025
79 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が、既知の悪用された脆弱性カタログに、FortiOS/FortiProxyの認証回避CVE-2025-24472とGitHub Action tj-actions/changed-filesの悪性コードCVE-2025-30066を追加。対応期限は通常の4/8。Fortiはランサムウェア悪用済。 https://t.co/JQnPJmC90H
@__kokumoto
18 Mar 2025
1240 Impressions
4 Retweets
16 Likes
2 Bookmarks
1 Reply
0 Quotes
🛡️ We added vulnerabilities for Fortinet FortiOS & FortiProxy, CVE-2025-24472, and GitHub, CVE-2025-30066, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/bJOgGeWmb8 & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec htt
@CISACyber
18 Mar 2025
11534 Impressions
58 Retweets
111 Likes
17 Bookmarks
5 Replies
4 Quotes
🚨 Hackers linked to LockBit are exploiting Fortinet firewall vulnerabilities (CVE-2024-55591 & CVE-2025-24472) to deploy the SuperBlack ransomware. 🔹 Data is exfiltrated before encryption 🔹 Strong ties to LockBit 3.0 ransomware 🔹 Unpatched orgs remain at risk 📌 Patch NOW
@the_aryanmittal
17 Mar 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New ransomware group Mora_001 is exploiting Fortinet vulnerabilities (CVE-2024-55591, CVE-2025-24472), linked to LockBit. Affected devices may face threats if not patched. 🚨 #Fortinet #Ransomware #USA link: https://t.co/ddxsXkSqYa https://t.co/Sbhk3dsM1c
@TweetThreatNews
17 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SuperBlack ransomware exploits Fortinet auth bypass flaws. The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February. https://t.co/D4e54UyCDn https://t.co/xjXCWZmSBr
@riskigy
16 Mar 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber Alert : "SuperBlack ransomware is crashing the party, sneaking through Fortinet firewall holes (CVE-2024-55591, CVE-2025-24472)! A sneaky Russian hacker’s behind it, turning cyber chaos up to 11. Patch those systems fast—don’t let this villain steal the show!" #cybercrime
@MohamedMar66543
16 Mar 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: Recent Fortinet Vulnerabilities Exploited in 'SuperBlack' Ransomware Attacks CVE-2024-55591 CVE-2025-24472 CVE-2025-2447 Severity: 🔴 High Maturity: 💥 Mainstream Learn more: https://t.co/sg0tFeoYVO #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
15 Mar 2025
85 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerability Alert: Authentication Bypass Vulnerabilities in Fortinet Firewalls 📅 Timeline: Disclosure: 2024-01-14, Patch: 2025-01-21 📌 Attribution: 🆔cveId: CVE-2024-55591, CVE-2025-24472 📊baseScore: 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H… https:
@syedaquib77
15 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-55591 & CVE-2025-24472: Fortinet’s Double Vulnerability Nightmare https://t.co/vI63gkrOHW
@Dinosn
15 Mar 2025
5915 Impressions
39 Retweets
104 Likes
34 Bookmarks
0 Replies
1 Quote
CVE-2024-55591 & CVE-2025-24472: Fortinet's Double Vulnerability Nightmare Forescout researchers have identified a new ransomware group, dubbed Mora_001, exploiting two critical vulnerabilities in Fortinet products to gain unauthorized access to firewalls https://t.co/wwPp7i
@the_yellow_fall
15 Mar 2025
924 Impressions
4 Retweets
14 Likes
6 Bookmarks
0 Replies
1 Quote
SuperBlack Ransomware Targets Fortinet Flaws Hackers exploit Fortinet CVE-2024-55591 & CVE-2025-24472 to gain super_admin access, steal data & deploy SuperBlack ransomware 🛑 Linked to LockBit, it erases forensic traces with WipeBlack! Patch now!⚠️ https://t.co/q8dvOPU
@dCypherIO
14 Mar 2025
21 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🗞️ SuperBlack Ransomware Exploits Fortinet Auth Bypass Flaws in Targeted Attacks The new SuperBlack ransomware is exploiting Fortinet auth bypass flaws (CVE-2025-24472) to hit unpatched firewalls, with Forescout linking it to LockBit tactics. Over 23K vulnerable devices remain…
@gossy_84
14 Mar 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SuperBlack ransomware is exploiting Fortinet vulnerabilities! 📌 CVE-2024-55591 & CVE-2025-24472 used for initial access 📌 Double extortion + custom wiper WipeBlack 📌 Uses LockBit’s leaked builder Patch your systems! Breaking news from the world &… https://t.co/ZF7G3
@godeepweb
14 Mar 2025
37 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Recent Fortinet Vulnerabilities Exploited in ‘SuperBlack’ Ransomware Attacks The newly discovered SuperBlack ransomware has been exploiting two vulnerabilities CVE-2024-55591 and CVE-2025-24472 in Fortinet firewalls. https://t.co/1TlLQtZmcC https://t.co/Pf5olgk4t6
@persistsec
14 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
According to Forescout, SuperBlack ransomware is exploiting CVE-2024-55591 and CVE-2025-24472, which target FortiGate 7.0.X management interfaces patched in Jan 2025. My latest investigation found over 30K vulnerable servers worldwide (Mgmt interface exposed, no patch applied). h
@nekono_naha
14 Mar 2025
1333 Impressions
4 Retweets
9 Likes
4 Bookmarks
0 Replies
0 Quotes
2025年1月に修正されたFortiGate7.0.X系の管理画面を対象としたCVE-2024-55591、CVE-2025-24472を悪用したSuperBlackランサム攻撃をForescout社が報告。調査した所、本日時点でもグローバルで23K台、国内1K台超の脆弱サーバを発見。なお、管理画面閉鎖、パッチ適用済み機器でも以下のような極めて面倒… https://t.co/FYC5CH9Lqq https://t.co/kpJ4Cr5M7f
@nekono_naha
14 Mar 2025
3008 Impressions
8 Retweets
39 Likes
18 Bookmarks
0 Replies
1 Quote
A ransomware group, Mora_001, exploits Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472 to deploy SuperBlack ransomware, with the latter confirmed exploited in attacks since February 2025, despite prior reassurances from Fortinet. #Security https://t.co/ARD6Z4X3bb
@Strivehawk
13 Mar 2025
65 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Flash Notice: CVE-2025-24472 Actively Exploited - Patch and Manage | 03-03-2025 Source: https://t.co/PsbNnmQd6Y Key details below ↓ 🎯Victims: Fortinet 🔓CVEs: CVE-2024-55591 \[[Vulners](https://t.co/cNWxPVNtLL)] - CVSS V3.1: *9.8*, -… https:/
@rst_cloud
3 Mar 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24472 - Vulnerabilidad de Omisión de Autenticación en Fortinet FortiOS y FortiProxy 🚨 🟠 Nivel de Urgencia: Alto 📊 Puntuación CVSS: 8.1 https://t.co/3GluuG61k7
@BanCERT_gt
28 Feb 2025
25 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
ثغرة (CVE-2025-24472) Zeroday في #Fortinet 💥 أمثلة هجمات واقعية 1️⃣ مسح لأجهزة FortiOS و FortiProxy المكشوفة للإنترنت 2️⃣ استغلال للحصول على امتيازات المسؤول دون مصادقة 3️⃣ تثبيت باب خلفي وسرقة بيانات حساسة الاطلاع على الأجهزة المكشوفة مع Criminal IP⬇ https://t.co/1oJ6C0aEkS htt
@CriminalIP_AR
26 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨#Fortinet FortiOS & FortiProxy 제로데이 취약점 (CVE-2025-24472) 관리자 인증 우회 가능! 공격자에게 시스템이 뚫릴 수 있습니다. 💥 실제 공격 사례 1️⃣ 인터넷에 노출된 FortiOS 및 FortiProxy 장비 스캔 2️⃣ 취약점을 악용해 인증 없이 관리자 권한 획득 3️⃣ 추가 확장을 위해 백도어 설치 및… https://t.co/lnU8VKrEk0 https://t.co/t8FxATG440
@CriminalIP_KR
26 Feb 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨#Fortinet FortiOS & FortiProxyのゼロデイ脆弱性(CVE-2025-24472) 管理者認証をバイパス可能!攻撃者にシステムが突破される可能性があります。 💥 実際の攻撃事例 1️⃣ インターネットに公開されたFortiOS及びFortiProxy機器をスキャン 2️⃣ 脆弱性を悪用して認証なしで管理者権限を取得 3️⃣… https://t.co/PfKislj6UN https://t.co/lvAUH6BRpC
@CriminalIP_JP
26 Feb 2025
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Fortinet Zero-Day Vulnerability (CVE-2025-24472) in FortiOS & FortiProxy Admins beware! This flaw allows authentication bypass, putting systems at risk of takeover. 💥 Real-World Attack Scenario: 1️⃣ Scanning for exposed FortiOS & FortiProxydevices online 2️⃣ Exploit
@CriminalIP_US
25 Feb 2025
178 Impressions
1 Retweet
2 Likes
1 Bookmark
1 Reply
0 Quotes
🚨CVE-2025-24472: Vulnerabilidad crítica en Fortinet 🤯🥷🏴☠️ Descubre cómo funciona esta vulnerabilidad, su impacto y las medidas urgentes que debes tomar.👇🏻 https://t.co/dcfDgUP3Fh… #hacking #infosec #hackers #cybersecurity https://t.co/HHhpCAWGge
@FOREX_MAX_C_E_O
24 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 CVE-2025-24472: Authentication Bypass Crítico en FortiOS/FortiProxy Permite Toma de Control Total vía CSF Proxy https://t.co/eZU6QXSqhy
@tpx_Security
14 Feb 2025
135 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 ALERTA DE SEGURANÇA 🚨 Falha crítica na Fortinet (CVE-2025-24472) permite acesso superadmin remoto em FortiGate e FortiProxy! 🛑 Atualize já! ✔️ FortiOS 7.0.0 → 7.0.16 ✔️ FortiProxy 7.0.0 → 7.0.19 | 7.2.0 → 7.2.12 🔹 Clientes IT Value já protegidos! 📞 (21) 2532-5236 https://
@ITValueC
13 Feb 2025
8 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet has warned that attackers are exploiting a zero-day vulnerability (CVE-2025-24472) in FortiOS and FortiProxy to hijack firewalls, gaining super-admin access through crafted proxy requests. #CyberSecurity #Fortinet https://t.co/U6Y85xb2VX
@Cyber_O51NT
13 Feb 2025
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨FortiGate Vulnerability CVE-2025-24472 expands the vulnerability in FortiOS 7.0.0 to 7.0.16 discovered earlier this year and allows remote attackers to gain super-admin privileges. 👉Find out what to do now here: https://t.co/lPbEGgehMd https://t.co/SB1mOQtbuO
@OrangeCyberUK
12 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alerta de segurança! Invasores estão explorando a vulnerabilidade CVE-2025-24472 do FortiOS e FortiProxy, possibilitando o sequestro de firewalls e acesso não autorizado a redes corporativas. Já aplicou as correções? Sua proteção depende disso! 🔒 #IncursioHack
@IncursioHack
12 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet has issued a warning about threat actors exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (with a CVSS score of 8.1), in its FortiOS and FortiProxy products to hijack firewalls. https://t.co/KIQFssswbb
@VULNERAsecurity
12 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet has disclosed CVE-2025-24472, a vulnerability fixed in January, not a zero-day. Only CVE-2024-55591 is actively exploited. Organizations should secure their FortiOS & FortiProxy firewalls. 🔒 #Fortinet #Vulnerability #USA link: https://t.co/oUDNrTOWvi https://t.co/G
@TweetThreatNews
12 Feb 2025
15 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January, but not disclosed then. Furthermore, even though the current advisory states that the listed flaws were exploited in attacks and includes… ht
@BleepinComputer
12 Feb 2025
19370 Impressions
53 Retweets
164 Likes
39 Bookmarks
5 Replies
3 Quotes
Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. Furthermore, even though the current advisory states that the listed flaws were exploited in attacks and includes workarounds, Fortinet says…
@BleepinComputer
12 Feb 2025
379 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortiOSとFortiProxyの一部のバージョンにおいて、「認証バイパス」(CWE-288)の脆弱性CVE-2025-24472, CVE-2024-55591 攻撃者はNode.jsのWebSocketモジュールまたはCSFのプロキシリクエストを利用したリクエストを送ることで、管理者(スーパーユーザー)権限を取得します。 https://t.co/npc0IB0htf
@t_nihonmatsu
12 Feb 2025
270 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B14CD59-F557-48A0-8458-BECD3AD7DB3A",
"versionEndExcluding": "7.0.20",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC18768-0891-465E-9900-3DF5D22A5CB3",
"versionEndExcluding": "7.2.13",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD357034-B2FD-4C2E-97FE-2C54D686D885",
"versionEndExcluding": "7.0.17",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]