CVE-2025-24472: FortiOS Authentication Bypass (Super Admin)

Q: Can FortiOS be compromised without credentials?

Yes, CVE-2025-24472 allows unauthenticated attackers to gain super_admin privileges on FortiOS devices via crafted requests. Exploited by ransomware operators.

CRITICAL

9.6CRITICAL

Published: 2025-02-11Affected: FortiOS 7.0.0-7.0.16CWE-288 ↗

Can FortiOS be compromised without credentials?

An authentication bypass using an alternate path in FortiOS. Remote attackers can gain super_admin privileges via crafted CSF proxy requests, enabling complete device takeover without credentials.

Impact & Exploitation

Exploited by ransomware operators to gain initial access to corporate networks. Super admin access enables firewall rule modification, traffic interception, and VPN credential theft.

How Precogs AI Detects FortiOS Authentication Bypass (Super Admin)

Precogs AI Binary SAST analyzes FortiOS firmware for authentication bypass patterns in administrative interfaces and CSF proxy implementations.

Scan for CVE-2025-24472

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

CVE-2025-24472: FortiOS Authentication Bypass (Super Admin)

Can FortiOS be compromised without credentials?

Impact & Exploitation

How Precogs AI Detects FortiOS Authentication Bypass (Super Admin)

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?

Can FortiOS be compromised without credentials?

Impact & Exploitation

How Precogs AI Detects FortiOS Authentication Bypass (Super Admin)

Related Resources

🛡️ Notable Vulnerabilities

🔗 External References

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?