CVE-2025-24472
HIGH | KEV | RANSOMWARE
FortiProxy 7.0.0-7.0.19 and FortiOS 7.0.0-7.0.16 - Unauthenticated Authentication Bypass via CSF Proxy Requests
Title source: llm
Exploitation Summary
CVE-2025-24472 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 18, 2025, with confirmed use in ransomware campaigns.
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of the upstream and downstream devices' serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests.
References (2)
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24472
Scores
CVSS v3
8.1
EPSS
0.1043
EPSS Percentile
93.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2025-03-18
VulnCheck KEV
2025-02-11
ENISA EUVD
EUVD-2025-3725
Ransomware Use
Confirmed
CWE
CWE-288
Status
published
Products (2)
fortinet/fortios
7.0.0 - 7.0.17
fortinet/fortiproxy
7.0.0 - 7.0.20
Published
Feb 11, 2025
KEV Added
Mar 18, 2025
Tracked Since
Feb 18, 2026