Exposures › CVE-2025-24472

CVE-2025-24472

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-03-18
Reference
⚡ RCE ⌖ exploited in the wild shame 85/100 ransomwareexploited-in-wildunpatchedauth-bypassrcenegligence

A remote attacker can bypass authentication to gain super-admin privileges on Fortinet FortiOS and FortiProxy via crafted CSF proxy requests.

This authentication bypass flaw allows remote attackers to escalate to super-admin access without valid credentials, enabling full system compromise. DIB organizations must verify patch levels on Fortinet firewalls and proxies, as this flaw is actively exploited in the wild and linked to ransomware campaigns. Immediate remediation requires applying the latest FortiOS and FortiProxy patches and reviewing network segmentation to limit lateral movement if compromised.

Shame score — A critical authentication bypass in a core firewall product that is actively exploited in the wild and linked to ransomware, demonstrating severe negligence and avoidable risk to defense networks.

Players implicated

Description

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.