Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in Fortinet Products
Alerts

High-Severity Vulnerability in Fortinet Products

12 February 2025

Fortinet has released security updates addressing a authentication bypass vulnerability affecting their FortiOS and FortiProxy products.

Fortinet has updated a security advisory issued last month to include a high-severity vulnerability (CVE-2025-24472) affecting their FortiOS and FortiProxy products.

Successful exploitation of the authentication bypass vulnerability could allow remote attackers to gain super-admin privileges via maliciously crafted CSF proxy requests.

The vulnerability affects the following products:

  • FortiOS versions 7.0.0 through 7.0.16

  • FortiProxy versions 7.0.0 through 7.0.19  

  • FortiProxy versions 7.2.0 through 7.2.12

The vulnerability has been addressed and fixed in the patches released in January 2025 for CVE-2024-55591 (See here).

Workaround

If updating is not feasible, users are recommended to implement the following mitigation:

Disable Security Fabric from the CLI:

Config system csf
   Set status disable
end

More information is available here:

https://fortiguard.fortinet.com/psirt/FG-IR-24-535

https://nvd.nist.gov/vuln/detail/CVE-2025-24472

https://www.bleepingcomputer.com/news/security/fortinet-discloses-second-firewall-auth-bypass-patched-in-january/

Back to top