CVE-2025-24472
Vexday Risk Score: 51 (Attention)
SSVC decision (CISA): Act (exploitation + impact → act immediately)
CVSS: 8.1 | EPSS: 3.0% | KEV: yes | PoC: — | Patch: —
Lifecycle
11 Feb 2025: Published on NVD
18 Mar 2025: Active exploitation confirmed (added to CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
An attacker who knows the serial numbers of the upstream and downstream Security Fabric members can bypass authentication on FortiOS and FortiProxy devices that have Security Fabric enabled, obtaining super-admin privileges on the downstream device without valid credentials.
Technical detail
CWE-288 (authentication bypass using an alternate path or channel) in FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12 and 7.0.0 through 7.0.19: a remote, unauthenticated attacker can obtain super-admin privileges on the downstream device via crafted CSF proxy requests when Security Fabric is enabled. The attack requires prior knowledge of the serial numbers of both the upstream and the downstream device, which is why the CVSS vector carries AC:H.
Summary generated and translated by AI from the official description.
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C
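Exposure to this issue depends on two things the description above makes explicit: the running version must fall inside one of the listed ranges, and Security Fabric (CSF) must be enabled. The following triage helper, an added example that is not part of this page or of Fortinet's tooling, encodes those two conditions and runs them over a constructed FortiGate configuration excerpt. It assumes that the backup header has the form `#config-version=<model>-<X.Y.Z>-FW-build...` and that Security Fabric state lives under `config system csf` as `set status enable`; both are assumptions about the config format, not statements from the advisory.

```python
"""Triage helper for CVE-2025-24472 (added example, not Fortinet code).

Decides whether a FortiOS / FortiProxy device is (a) inside the affected
version ranges listed in the advisory and (b) has Security Fabric enabled,
the two conditions under which the page says the bypass applies.

Assumptions (about the config format, not from the advisory):
  - the backup header looks like '#config-version=<model>-<X.Y.Z>-FW-build...'
  - Security Fabric state is 'set status enable' under 'config system csf'
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed on this page (inclusive on both ends).
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS":    [((7, 0, 0), (7, 0, 16))],
    "FortiProxy": [((7, 2, 0), (7, 2, 12)), ((7, 0, 0), (7, 0, 19))],
}


def parse_version(text: str) -> Version:
    """Turn '7.0.16' (optionally 'v7.0.16') into a comparable (7, 0, 16) tuple."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected_version(product: str, version: str) -> bool:
    """True if version lies in any advisory range for the product.

    Tuple comparison handles the 7.0.9 < 7.0.16 case that a plain string
    compare would get wrong.
    """
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED[product])


def version_from_config(config: str) -> Optional[str]:
    """Extract X.Y.Z from the '#config-version=...-X.Y.Z-FW-build...' header (assumed format)."""
    m = re.search(r"^#config-version=.*?-(\d+\.\d+\.\d+)-FW-build", config, re.M)
    return m.group(1) if m else None


def csf_enabled(config: str) -> bool:
    """True if the 'config system csf' block contains 'set status enable'."""
    m = re.search(r"^config system csf\n(.*?)^end\s*$", config, re.M | re.S)
    if not m:
        return False
    return re.search(r"^\s*set status enable\s*$", m.group(1), re.M) is not None


def assess(product: str, config: str) -> str:
    """Combine both conditions into a one-line triage verdict."""
    version = version_from_config(config)
    if version is None:
        return "unknown: no config-version header found"
    in_range = is_affected_version(product, version)
    fabric = csf_enabled(config)
    if in_range and fabric:
        return f"exposed: {product} {version} is affected and Security Fabric is enabled"
    if in_range:
        return f"affected version: {product} {version}, Security Fabric disabled (patch anyway)"
    return f"not in affected range: {product} {version}"


# Constructed sample backup excerpt (not a real device dump).
SAMPLE_CONFIG = """\
#config-version=FGT60F-7.0.12-FW-build0523-230502:opmode=0:vdom=0:user=admin
config system global
    set hostname "fw-branch-01"
end
config system csf
    set status enable
    set upstream-ip 10.0.0.1
end
"""

if __name__ == "__main__":
    print(assess("FortiOS", SAMPLE_CONFIG))
    # Same device with Security Fabric turned off: still on an affected build.
    print(assess("FortiOS", SAMPLE_CONFIG.replace("set status enable", "set status disable")))
```

The helper only tells you whether the advisory's preconditions hold; an affected build with Security Fabric disabled still needs the patch, since the fabric can be enabled later. Note the boundary handling: 7.0.16 is inside the FortiOS range and 7.0.17 outside, and FortiOS 7.2.x is not listed at all, whereas FortiProxy 7.2.0 through 7.2.12 is.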