CVE-2025-24471
Published 2025-06-10
Medium, 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | >= 7.4.0 < 7.4.8 | 7.4.8 |
| fortinet | fortios | 7.4.0 – 7.4.7 | — |
| fortinet | fortios | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortios | 7.6.0 – 7.6.1 | — |
| fortinet | fortisase | — | — |
| fortinet | fortisase | — | — |