%20Abstract%20Background%20112024%20SOURCE%20Amazon.jpg)
![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
-Nintendo-Switch-2-–-Overview-trailer-00-00-10.png?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
_Anna_Berkut_Alamy.jpg?#)
![Pixel 9a gets early teardown: Vapor chamber, cameras, more [Video]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/04/Pixel-9a-teardown-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![YouTube Announces New Creation Tools for Shorts [Video]](https://www.iclarified.com/images/news/96923/96923/96923-640.jpg)
![[Weekly funding roundup March 29-April 4] Steady-state VC inflow pre-empts Trump tariff impact](https://images.yourstory.com/cs/2/220356402d6d11e9aa979329348d4c3e/WeeklyFundingRoundupNewLogo1-1739546168054.jpg)
FortiOS & FortiProx 0-Day Allows Attackers Hijacks Firewall & Gain Super Admin Access
Fortinet has issued an urgent warning about actively exploiting an already patched authentication bypass zero-day vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw allows remote attackers to gain super-admin privileges by sending maliciously crafted CSF proxy requests. The vulnerability impacts FortiOS versions 7.0.0 through 7.0.16, FortiProxy versions 7.0.0 through 7.0.19, and 7.2.0 […] The post FortiOS & FortiProx 0-Day Allows Attackers Hijacks Firewall & Gain Super Admin Access appeared first on Cyber Security News.
Fortinet has issued an urgent warning about actively exploiting an already patched authentication bypass zero-day vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.
This critical flaw allows remote attackers to gain super-admin privileges by sending maliciously crafted CSF proxy requests. The vulnerability impacts FortiOS versions 7.0.0 through 7.0.16, FortiProxy versions 7.0.0 through 7.0.19, and 7.2.0 through 7.2.12.”
Fortinet has rolled out critical security updates to address multiple high-risk Vulnerabilities across its product portfolio, including FortiOS, FortiProxy, FortiManager, and FortiAnalyzer.
Details of Exploitation
The vulnerability has reportedly been exploited in the wild, enabling threat actors to hijack Fortinet firewalls and breach enterprise networks.
Attackers have been observed creating rogue admin or local user accounts on affected devices, modifying firewall policies, and adding these accounts to SSL VPN user groups to establish unauthorized tunnels into internal networks.
“An Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module or via crafted CSF proxy requests.” Fortinet stated.
Fortinet added CVE to this issue as part of an update to a previous advisory regarding another zero-day vulnerability (CVE-2024-55591), which also enabled attackers to gain super-admin privileges through malicious requests targeting the Node.js websocket module in the same software versions.
Cybersecurity firm Arctic Wolf has identified matching indicators of compromise (IOCs) linked to these vulnerabilities, noting that attackers have targeted internet-exposed management interfaces on Fortinet devices since mid-November 2024. Their analysis revealed a phased attack campaign:
The Vulnerability Scanning phase is scheduled to take place from November 16 to 23, 2024, followed by the Reconnaissance phase from November 22 to 27, 2024. Subsequently, the SSL VPN Configuration will occur between December 4 and 7, 2024. Finally, the Lateral Movement phase will be conducted from December 16 to 27, 2024.
Arctic Wolf observed unauthorized administrative logins, creation of new accounts, and configuration changes across victim organizations.
“The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes.”
Mitigation Recommendations
Fortinet has urged administrators to immediately secure vulnerable devices by applying the latest patches:
- Upgrade FortiOS to version 7.0.17 or higher
- Upgrade FortiProxy to version 7.2.13 or higher (or 7.0.20 for earlier branches)
For those unable to patch immediately, Fortinet advises disabling HTTP/HTTPS administrative interfaces or restricting access to trusted IP addresses via local-in policies.
“While the initial access vector is not definitively confirmed, a zero-day vulnerability is highly probable. Organizations should urgently disable firewall management access on public interfaces as soon as possible.”
Organizations using affected versions are strongly encouraged to act swiftly to mitigate risks by applying patches or implementing recommended workarounds. Monitoring for unusual activity and reviewing logs for evidence of unauthorized access are also critical steps in securing networks against this ongoing threat.
This development underscores the importance of maintaining up-to-date security practices and limiting public exposure of critical management interfaces in enterprise environments.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates
The post FortiOS & FortiProx 0-Day Allows Attackers Hijacks Firewall & Gain Super Admin Access appeared first on Cyber Security News.
 (1).webp?#)
