Fortinet Firewalls Compromised by New Zero-Day Exploit

February 11, 2025

Fortinet has issued a warning about threat actors exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (with a CVSS score of 8.1), in its FortiOS and FortiProxy products to hijack firewalls. The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges through maliciously crafted CSF proxy requests. The advisory reads, “An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests.”

The vulnerability affects FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12. Fortinet has provided a fix in FortiOS 7.0.17 or above and FortiProxy 7.0.20/7.2.13 or above. The vulnerability was added to an existing advisory for another flaw, CVE-2024-55591, disclosed in January, which also allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.
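The version ranges above can be checked against a device inventory. The following Python is an added example, not code from Fortinet or Arctic Wolf; the `hostname,product,version` inventory format, the hostnames and the build strings are assumptions constructed for illustration.

```python
import re

# Affected ranges and first fixed releases exactly as stated in the article:
# (product, (major, minor)) -> (first_patch, last_patch, first_fixed_release)
AFFECTED = {
    ("fortios", (7, 0)): (0, 16, "7.0.17"),
    ("fortiproxy", (7, 0)): (0, 19, "7.0.20"),
    ("fortiproxy", (7, 2)): (0, 12, "7.2.13"),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(product, version_text):
    """Return (status, first_fixed_release or None) for one device."""
    m = VERSION_RE.search(version_text)
    if not m:
        return ("unparsed", None)
    major, minor, patch = map(int, m.groups())
    entry = AFFECTED.get((product.strip().lower(), (major, minor)))
    if entry is None:
        # The article gives no range for this branch; treat as unknown, not safe.
        return ("not-listed", None)
    first, last, fixed = entry
    return ("affected" if first <= patch <= last else "fixed", fixed)


def triage(inventory_text):
    """Parse 'hostname,product,version' lines into {hostname: (status, fixed)}."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",", 2)]
        if len(fields) != 3 or fields[0].startswith("#"):
            continue  # skip blanks, comments and malformed rows
        results[fields[0]] = classify(fields[1], fields[2])
    return results


# Constructed sample inventory (hostnames and build strings are made up).
SAMPLE = """\
# hostname,product,version
fw-edge-01,FortiOS,v7.0.14 build0601
fw-edge-02,FortiOS,7.0.17
proxy-01,FortiProxy,7.2.12
proxy-02,FortiProxy,7.0.20
fw-lab-01,FortiOS,7.4.3
"""

if __name__ == "__main__":
    for host, (status, fixed) in triage(SAMPLE).items():
        print(f"{host:12} {status:11} first fixed release: {fixed}")
```

A `not-listed` result means only that the article gives no range for that branch; check the vendor advisory before treating such a device as unaffected.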

Threat actors are exploiting these flaws to create rogue admin or local users, alter firewall policies, and access SSL VPNs to infiltrate internal networks. To mitigate this issue temporarily, Fortinet recommends disabling the HTTP/HTTPS administrative interface or limiting the IP addresses that can reach it via local-in policies.

Arctic Wolf researchers have recently observed attacks on Fortinet FortiGate firewalls that involved unauthorized logins, account creation, and configuration changes. They believe that the current campaign can be divided into four distinct phases and that threat actors likely exploited a zero-day flaw in the targeted systems. Arctic Wolf Labs reported the campaign to Fortinet on December 12, 2024, and FortiGuard Labs confirmed awareness and investigation on December 17, 2024.
