⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due date: 2025-04-08.

CVE-2025-24472Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortios

CWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-306Missing Authentication for Critical Function9 documents8 sources
Severity
8.1HIGHNVD
EPSS
10.1%
top 6.90%
CISA KEV
KEVRansomware
Added 2025-03-18
Due 2025-04-08
Exploit
No known exploits
Affected products
2
Fortinet FortiosFortinet Fortiproxy
Timeline
PublishedFeb 11
KEV addedMar 18
KEV dueApr 8
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

NVDfortinet/fortiproxy7.0.07.0.20+1
CVEListV5fortinet/fortiproxy7.2.07.2.12+1
NVDfortinet/fortios7.0.07.0.17
CVEListV5fortinet/fortios7.0.07.0.16

🔴Vulnerability Details

3
GHSA
GHSA-rp3f-whm7-36hq: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 72025-02-11
CVEList
CVE-2025-24472: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 72025-02-11
VulnCheck
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability2025

📋Vendor Advisories

2
CISA
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability2025-03-18
Fortinet
Authentication bypass in Node.js websocket module and CSF requests2025-01-14

🕵️Threat Intelligence

3
Bleepingcomputer
New SuperBlack ransomware exploits Fortinet auth bypass flaws2025-03-13
Bleepingcomputer
Fortinet discloses second firewall auth bypass patched in January2025-02-11
Threat Intel
Mora_001
CVE-2025-24472 — Fortinet Fortios vulnerability | cvebase