CVE-2025-24472
Summary
| CVE | CVE-2025-24472 |
|---|---|
| State | PUBLISHED |
| Assigner | fortinet |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-02-11 17:15:34 UTC |
| Updated | 2026-07-08 14:16:54 UTC |
| Description | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests. |
Risk And Classification
Primary CVSS: v3.1 8.1 HIGH from [email protected]
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.030920000 probability, percentile 0.862360000 (date 2026-07-15)
CISA KEV: Listed on 2025-03-18; due 2025-04-08; ransomware use Known
Problem Types: CWE-288 | CWE-288 Execute unauthorized code or commands
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability
| Vendor | Fortinet |
|---|---|
| Product | FortiOS and FortiProxy |
| Name | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability |
| Required Action | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Notes | https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24472 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fortinet | Fortiproxy | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Fortinet | FortiOS | affected 7.0.0 7.0.16 semver | Not specified |
| CNA | Fortinet | FortiProxy | affected 7.2.0 7.2.12 semver | Not specified |
| CNA | Fortinet | FortiProxy | affected 7.0.0 7.0.19 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| fortiguard.fortinet.com/psirt/FG-IR-24-535 | [email protected] | fortiguard.fortinet.com | Vendor Advisory |
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2025-03-18T00:00:00.000Z | CVE-2025-24472 added to CISA KEV |
Solutions
CNA: Upgrade to FortiOS version 7.0.17 or above Upgrade to FortiProxy version 7.2.13 or above Upgrade to FortiProxy version 7.0.20 or above
There are currently no legacy QID mappings associated with this CVE.