CVE-2025-24472 is an authentication bypass vulnerability identified in Fortinet’s FortiOS and FortiProxy products. This flaw allows a remote attacker to gain super-admin privileges by sending specially crafted CSF proxy requests.
Affected Versions:
- FortiOS: Versions 7.0.0 through 7.0.16
- FortiProxy: Versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12
Severity:
The vulnerability has been assigned a CVSS v3.1 base score of 8.1, categorizing it as ‘High’ severity.
Mitigation:
Fortinet has addressed this issue in the following versions:
- FortiOS: Version 7.0.17 and later
- FortiProxy: Versions 7.0.20 and later, and 7.2.13 and later
Users are strongly advised to update to these versions or newer to mitigate potential risks.
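
A version check against the ranges listed above, as an added example that is not part of the original advisory or of any Fortinet tooling. The inventory format, host names and function names are assumptions made up for illustration. A "not-listed" result only means the version falls outside the ranges on this page.

```python
import re

# Affected ranges and fixed releases exactly as listed in the text above:
# (product, first affected, last affected, first fixed)
AFFECTED = [
    ("fortios",    (7, 0, 0), (7, 0, 16), (7, 0, 17)),
    ("fortiproxy", (7, 0, 0), (7, 0, 19), (7, 0, 20)),
    ("fortiproxy", (7, 2, 0), (7, 2, 12), (7, 2, 13)),
]

_TRIPLE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the first major.minor.patch triple, ignoring prefixes/suffixes."""
    m = _TRIPLE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(product, version_text):
    """Return (status, fixed_release) for one product/version pair."""
    version = parse_version(version_text)
    if version is None:
        return ("unparsed", None)          # needs manual review, never assume safe
    key = product.strip().lower()
    for name, low, high, fixed in AFFECTED:
        if name == key and low <= version <= high:
            return ("affected", ".".join(map(str, fixed)))
    return ("not-listed", None)            # outside the ranges on this page

# Constructed sample inventory (hypothetical hosts): host,product,version
INVENTORY = """\
fw-edge-01,FortiOS,v7.0.14 build0601
fw-edge-02,FortiOS,7.0.17
proxy-01,FortiProxy,7.2.12
proxy-02,FortiProxy,7.0.20
proxy-03,FortiProxy,7.2
"""

def triage_inventory(text):
    """Map each host in a CSV inventory to its triage result."""
    results = {}
    for line in text.splitlines():
        if line.strip():
            host, product, version = (f.strip() for f in line.split(",", 2))
            results[host] = triage(product, version)
    return results

if __name__ == "__main__":
    for host, (status, fixed) in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}" + (f" -> upgrade to {fixed} or later" if fixed else ""))
```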