Metrics
Affected Vendors & Products
Solution
- Please upgrade to FortiProxy version 7.2.13 or above
- Please upgrade to FortiProxy version 7.0.20 or above
- Please upgrade to FortiOS version 7.0.17 or above
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-24-535 |
Fri, 08 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-306 |
Thu, 07 Aug 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests. |
Wed, 19 Mar 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Fortinet fortiproxy | |
Weaknesses | CWE-306 | |
CPEs | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | |
Vendors & Products | Fortinet fortiproxy |
Tue, 18 Mar 2025 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | kev |
Tue, 18 Mar 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | ssvc |
Wed, 12 Feb 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Tue, 11 Feb 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. | |
First Time appeared | Fortinet, Fortinet fortios | |
Weaknesses | CWE-288 | |
CPEs | cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* |
Vendors & Products | Fortinet, Fortinet fortios | |
References | | |
Metrics | cvssV3_1 |

Status: PUBLISHED
Assigner: fortinet
Published:
Updated: 2025-08-07T16:22:28.740Z
Reserved: 2025-01-21T20:48:07.886Z
Link: CVE-2025-24472

Updated: 2025-02-12T20:36:04.504Z

Status : Analyzed
Published: 2025-02-11T17:15:34.867
Modified: 2025-08-08T16:06:31.493
Link: CVE-2025-24472
