CVE-2025-24472: Authentication bypass in Node.js websocket module and CSF requests
First published: Tue Jan 14 2025(Updated: )
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS IPS Engine | >=7.0.0<=7.0.16>=7.0.0<7.0.19 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.12 | |
| Fortinet FortiOS IPS Engine | >=7.0.0<=7.0.16 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.12 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.19 | |
| Fortinet FortiOS and FortiProxy SSL-VPN |
Remedy
Please upgrade to FortiOS version 7.0.17 or above Please upgrade to FortiProxy version 7.2.13 or above Please upgrade to FortiProxy version 7.0.20 or above
Remedy
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://fortiguard.fortinet.com/psirt/FG-IR-24-535
- https://www.bleepingcomputer.com/news/security/fortinet-discloses-second-firewall-auth-bypass-patched-in-january/
- https://www.fortiguard.com/psirt/cvrf/FG-IR-24-535
- https://www.fortiguard.com/psirt/FG-IR-24-535
- https://www.bleepingcomputer.com/news/security/new-superblack-ransomware-exploits-fortinet-auth-bypass-flaws/
- https://www.theregister.com/2025/03/14/ransomware_gang_lockbit_ties/
- https://nvd.nist.gov/vuln/detail/CVE-2025-24472
Frequently Asked Questions
What is the severity of CVE-2025-24472?
CVE-2025-24472 is considered a critical vulnerability as it allows remote attackers to gain super-admin privileges.
How do I fix CVE-2025-24472?
To fix CVE-2025-24472, upgrade FortiOS to version 7.0.17 or later and FortiProxy to version 7.2.13 or later.
What versions are affected by CVE-2025-24472?
CVE-2025-24472 affects FortiOS versions 7.0.0 through 7.0.16 and 7.0.0 through 7.0.19, as well as FortiProxy versions 7.2.0 through 7.2.12.
Who is vulnerable to CVE-2025-24472?
Any organization using the affected versions of FortiOS or FortiProxy is vulnerable to CVE-2025-24472.
What type of attack does CVE-2025-24472 enable?
CVE-2025-24472 enables an authentication bypass attack through crafted CSF proxy requests.
- agent/weakness
- agent/type
- collector/nvd-api
- source/NVD
- agent/author
- agent/title
- agent/first-publish-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2025-24472
- alias/CVE-2024-55591
- alias/FG-IR-24-535
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/fortiguard-psirt
- source/FortiGuard
- collector/epss-latest
- source/FIRST
- agent/epss
- alias/CVE-2025-2447
- collector/the-register
- source/The Register
- agent/severity
- agent/news-ai
- zeroday/true
- exploited/true
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/cisa-known-exploited
- source/CISA
- ransomware/true
- agent/source
- agent/remedy
- agent/references
- agent/softwarecombine
- agent/description
- agent/tags
- agent/trending
- agent/event
- collector/nvd-cve
- vendor/fortinet
- canonical/fortinet fortios ips engine
- canonical/fortinet fortiproxy
- version/fortinet fortios ips engine/7.0.0
- version/fortinet fortios ips engine/7.0.16
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.12
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.19
- canonical/fortinet fortios and fortiproxy ssl-vpn