CVE-2025-24472: Fortinet FortiOS and FortiProxy Authentication Bypass
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability. Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
- CISA KEV-listed (remediation due 2025-04-08)
- used in ransomware campaigns
- EPSS 10.4% (93.4% percentile)