Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

  • Published: Feb 11, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2025-24472
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
fortinet / fortiproxy 7.0.0 7.0.20
fortinet / fortiproxy 7.2.0 7.2.13
fortinet / fortios 7.0.0 7.0.17