CVSSv3: 9.8

CVE-2025-24472

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.09968 | KEV: Exploitation Reported
Published: 11/02/2025 Updated: 19/03/2025

Vulnerability Summary

Authentication Bypass in FortiOS and FortiProxy Enables Super-Admin Privilege Escalation

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 up to and including 7.0.16, FortiProxy 7.2.0 up to and including 7.2.12, and FortiProxy 7.0.0 up to and including 7.0.19 may allow a remote, unauthenticated attacker to gain super-admin privileges via crafted CSF proxy requests. Fortinet tracks this flaw alongside CVE-2024-55591 in advisory FG-IR-24-535; exploitation in the wild has been reported (see the KEV status above), and the Forescout research summarised below attributes intrusions using both bugs to the SuperBlack ransomware operator.

Solution

Please upgrade to FortiOS version 7.0.17 or above
Please upgrade to FortiProxy version 7.2.13 or above
Please upgrade to FortiProxy version 7.0.20 or above

Fortinet's updated advisory (FG-IR-24-535) also documents a workaround for the CSF proxy request vector for devices that cannot be upgraded immediately; treat it as a stopgap, not a substitute for the fixed release.
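To turn the affected and fixed version ranges above into something you can run over a fleet inventory, here is an added example checker (written for this page, not code from Fortinet or Vulmon). It encodes only the three ranges stated in the advisory, parses the version strings appliances typically report, and distinguishes "affected", "fixed" and "train not named by the advisory" so that an unlisted release line is not silently reported as safe. The hostnames and versions in SAMPLE_INVENTORY are constructed sample data.

```python
"""Affected-version triage for CVE-2025-24472 (FortiOS / FortiProxy).

Added example; not Fortinet's or Vulmon's code. Ranges come from the
advisory text on this page; the inventory at the bottom is constructed.
"""
from __future__ import annotations

Version = tuple[int, int, int]

# (product, first affected, last affected, first fixed) per FG-IR-24-535
AFFECTED_RANGES: list[tuple[str, Version, Version, Version]] = [
    ("fortios",    (7, 0, 0), (7, 0, 16), (7, 0, 17)),
    ("fortiproxy", (7, 2, 0), (7, 2, 12), (7, 2, 13)),
    ("fortiproxy", (7, 0, 0), (7, 0, 19), (7, 0, 20)),
]


def parse_version(text: str) -> Version:
    """Parse '7.0.16', 'v7.0.16' or '7.0.16 build0667' into (major, minor, patch).

    Anything that is not major.minor.patch raises ValueError so a malformed
    inventory row is surfaced instead of being treated as not affected.
    """
    token = text.strip().lstrip("vV").split()[0] if text.strip() else ""
    parts = token.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(product: str, version: str) -> tuple[str, str | None]:
    """Return (status, first_fixed_version).

    status is 'affected' (inside an advisory range), 'fixed' (same release
    train, at or past the fix) or 'not_in_scope' (a train the advisory does
    not name; this says nothing about whether that train is safe).
    """
    prod = product.strip().lower()
    v = parse_version(version)
    for p, lo, hi, fixed in AFFECTED_RANGES:
        if p != prod or v[:2] != lo[:2]:      # different product or train
            continue
        if lo <= v <= hi:
            return ("affected", fmt(fixed))
        if v >= fixed:
            return ("fixed", fmt(fixed))
    return ("not_in_scope", None)


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str, str]]:
    """Return (host, product, version, upgrade_to) for every affected device."""
    findings = []
    for host, product, version in inventory:
        status, fixed = assess(product, version)
        if status == "affected":
            findings.append((host, product, version, fixed))
    return findings


# Constructed sample inventory: (hostname, product, reported version)
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS",    "v7.0.16"),          # last affected 7.0.x
    ("fw-edge-02", "FortiOS",    "7.0.17 build0667"), # first fixed 7.0.x
    ("fw-dc-01",   "FortiOS",    "7.2.10"),           # train not in advisory
    ("px-01",      "FortiProxy", "7.2.12"),
    ("px-02",      "FortiProxy", "7.0.20"),
    ("px-03",      "FortiProxy", "7.0.3"),
]

if __name__ == "__main__":
    for host, product, version, upgrade_to in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} affected by CVE-2025-24472, upgrade to {upgrade_to}")
    for host, product, version in SAMPLE_INVENTORY:
        status, _ = assess(product, version)
        if status == "not_in_scope":
            print(f"{host}: {product} {version} is on a train the advisory does not name; verify separately")
```

Tuple comparison does the range check, so the same table can be extended with further (product, lo, hi, fixed) rows as Fortinet updates the advisory without touching the logic.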

Vulnerable Product

fortinet fortios 7.0.16
fortinet fortios 7.0.15
fortinet fortios 7.0.14
fortinet fortios 7.0.13
fortinet fortios 7.0.12
fortinet fortios 7.0.11
fortinet fortios 7.0.10
fortinet fortios 7.0.9
fortinet fortios 7.0.8
fortinet fortios 7.0.7
fortinet fortios 7.0.6
fortinet fortios 7.0.5
fortinet fortios 7.0.4
fortinet fortios 7.0.3
fortinet fortios 7.0.2
fortinet fortios 7.0.1
fortinet fortios 7.0.0
fortinet fortios
fortinet fortiproxy

Recent Articles

Critical FortiSwitch flaw lets hackers change admin passwords remotely
BleepingComputer • Sergiu Gatlan • 09 Apr 2025

Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified FortiSwitch GUI password change securi...

New SuperBlack ransomware exploits Fortinet auth bypass flaws
BleepingComputer • Bill Toulas • 13 Mar 2025

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February, respectively. When Fortinet first disclosed CVE-2024-5...

Fortinet discloses second firewall auth bypass patched in January
BleepingComputer • Sergiu Gatlan • 11 Feb 2025

Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. Furthermore, even though today's updated advisory indicates that both flaws were exploited in attacks and even includes a workaround for the new CSF proxy requests exploitati...

Fortinet warns of new zero-day exploited to hijack firewalls
BleepingComputer • Sergiu Gatlan • 11 Feb 2025

Fortinet warned today that attackers are exploiting another now-patched zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. Successful exploitation of this authentication bypass vulnerability (CVE-2025-24472) allows remote attackers to gain super-admin privileges by making maliciously crafted CSF proxy requests. The security flaw im...

New kids on the ransomware block channel Lockbit to raid Fortinet firewalls
The Register

It's March already and you haven't patched?

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January. Forescout said the group it's tracking as Mora_001 exploited two Fortinet vulnerabilities to gain an initial foothold in victim environments before securing persistence and ultimately deploying a new ransomware researchers dubbed SuperBlack. Both CVE-2024-55591 and CVE-2025-24472 are authentication bypass vulnerabilities disclosed by Fortine...