Attackers Exploit a New Zero-Day to Hijack Fortinet Firewalls

Summary: Fortinet has issued a warning about a new zero-day vulnerability (CVE-2025-24472) in FortiOS and FortiProxy that allows remote attackers to gain super-admin privileges through crafted proxy requests. The flaw has been observed under active exploitation in the wild, prompting the company to recommend mitigations. It affects multiple versions of FortiOS and FortiProxy, and users need to update to prevent unauthorized access and configuration changes.

Affected: Fortinet FortiOS and FortiProxy

Key points:

  • Vulnerability CVE-2025-24472 has a CVSS score of 8.1, indicating high severity.
  • Affected versions include FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12.
  • Fortinet has released patches in FortiOS 7.0.17 and FortiProxy 7.0.20/7.2.13 to address the issue.
  • Temporary mitigation involves disabling the HTTP/HTTPS administrative interface or restricting access through local-in policies.
  • Recent attacks observed by Arctic Wolf involved unauthorized logins, account creation, and configuration changes on FortiGate firewalls.

Source: https://securityaffairs.com/174117/hacking/fortinet-fortios-zero-day-exploited.html