- Home
- Alerts & Advisories
- Alerts
- High-Severity Vulnerability in Fortinet Products
High-Severity Vulnerability in Fortinet Products
12 February 2025
Fortinet has released security updates addressing a authentication bypass vulnerability affecting their FortiOS and FortiProxy products.
Fortinet has updated a security advisory issued last month to include a high-severity vulnerability (CVE-2025-24472) affecting their FortiOS and FortiProxy products.
Successful exploitation of the authentication bypass vulnerability could allow remote attackers to gain super-admin privileges via maliciously crafted CSF proxy requests.
The vulnerability affects the following products:
FortiOS versions 7.0.0 through 7.0.16
FortiProxy versions 7.0.0 through 7.0.19
FortiProxy versions 7.2.0 through 7.2.12
The vulnerability has been addressed and fixed in the patches released in January 2025 for CVE-2024-55591 (See here).
Workaround
If updating is not feasible, users are recommended to implement the following mitigation:
Disable Security Fabric from the CLI:
Config system csf
Set status disable
end
More information is available here:
https://fortiguard.fortinet.com/psirt/FG-IR-24-535