CVE-2025-24471
Severity: MEDIUM
Fortinet FortiSASE < 7.4.8 - Improper Certificate Validation
Title source: ruleDescription
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below and version 7.4.7 and below may allow an EAP-verified remote user to connect from FortiClient using a revoked certificate.
References (2)
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-544
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Scores
CVSS v3
6.5
EPSS
0.0032
EPSS Percentile
23.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
Status
published
Products (4)
Fortinet/FortiOS
7.4.0 - 7.4.7
fortinet/fortios
7.4.0 - 7.4.8
Fortinet/FortiOS
7.6.0 - 7.6.1
fortinet/fortisase
25.1.39
Published
Jun 10, 2025
Tracked Since
Feb 18, 2026