Known Exploited Fortinet FortiOS Vulnerabilities - 20250115005

Overview

Fortinet has identified an Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy, which may allow remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.

What is vulnerable?

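| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| FortiOS 7.0 | 7.0.0 through 7.0.16 | CVE-2024-55591 / CVE-2025-24472 | 9.6 / 8.1 | Critical / High |
| FortiProxy 7.0 | 7.0.0 through 7.0.19 | CVE-2024-55591 / CVE-2025-24472 | 9.6 / 8.1 | Critical / High |
| FortiProxy 7.2 | 7.2.0 through 7.2.12 | CVE-2024-55591 / CVE-2025-24472 | 9.6 / 8.1 | Critical / High |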

Recommendation

The WA SOC recommends that administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):

Additional References

Change Log

  • 2025-01-15 : Initial Publication
  • 2025-02-12 : Added new vulnerability (CVE) disclosed by Fortinet