February 11, 2025 By Sergiu Gatlan
Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.
Successful exploitation of this vulnerability (CVE-2025-24472) allows remote attackers to gain super-admin privileges by making maliciously crafted CSF proxy requests. The security flaw impacts FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19, and FortiProxy 7.2.0 through 7.2.12.
Fortinet added the bug as a new CVE-ID to a security advisory issued last month, when it cautioned customers that threat actors were actively exploiting a FortiOS and FortiProxy auth bypass (tracked as CVE-2024-55591 and affecting the same software versions). The difference, as the company explained, is the attack vector: the CVE-2024-55591 zero-day is exploited through malicious requests to the Node.js websocket module, whereas the new bug is reached through crafted CSF proxy requests.