CVE-2025-24472

HighKnown ExploitedRansomware

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy…

fortinet·CWE-288·Published 2025-02-11

CVSS

8.1

EPSS

0.03

KEV

Yes

Exploits

Attributed to:Mora_001

cve.orgen

419 chars

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests.

NVDen

419 chars

NVDes

304 chars

Una vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo [CWE-288] que afecta a FortiOS 7.0.0 a 7.0.16 y FortiProxy 7.2.0 a 7.2.12, 7.0.0 a 7.0.19 puede permitir que un atacante remoto obtenga privilegios de superadministrador a través de solicitudes de proxy CSF manipuladas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.1	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C
3.1	Primary	cve.org	8.1	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C
3.1	Secondary	NVD	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H