August 18, 2025

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a critical vulnerability in Fortinet products is being actively exploited in a ransomware campaign. The vulnerability, CVE-2025-24472, is an authentication bypass using an alternate path that affects FortiOS from version 7.0.0 to 7.0.16 and FortiProxy from version…

August 18, 2025

Fortinet has disclosed a new critical zero-day vulnerability affecting some of its FortiGate firewalls.

In a security advisory published on January 14, FortiGuard Labs revealed a new authentication bypass vulnerability affecting FortiOS and FortiProxy that could be exploited to hack FortiGate devices.

The flaw, CVE-2024-55591, was assigned a CVSS score of 9.6, indicating critical severity. Fortinet also confirmed reports that the vulnerability is being actively exploited in the wild.

This new disclosure comes five days after Arctic Wolf said it observed a massive exploitation campaign affecting FortiGate firewall devices with management interfaces exposed on the public internet since December 2024.

Arctic Wolf researchers saw threat actors altering firewall configurations and extracting credentials using DCSync.

“While the initial access vector used in this campaign is not yet confirmed, Arctic Wolf Labs assesses with high confidence that mass exploitation of a zero-day vulnerability is likely given the compressed timeline across affected organizations as well as firmware versions affected,” the advisory said.

Authentication Bypass Affecting FortiOS and FortiProxy

CVE-2024-55591 is an "authentication bypass using an alternate path or channel" weakness in FortiOS and FortiProxy. When exploited, it can allow a remote attacker to gain super-admin privileges via crafted requests to a Node.js WebSocket module.

It affects FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and versions 7.2.0 through 7.2.12.

No other FortiOS and FortiProxy versions are affected, the FortiGuard Labs advisory said.


August 13, 2025

Introduction

Implementing Security Service Edge (SSE) does not simply mean replacing components in the existing security architecture. It is a fundamentally different approach that requires extensive changes in the areas of infrastructure security, cloud security, and identity and access management. Additionally, these changes must be managed under a…

August 13, 2025

Secure network transformation is becoming increasingly important in our tech-driven world. With hybrid working, multi-cloud environments, and AI initiatives becoming the norm, it's more crucial than ever to ensure our networks are secure and truly transformational.

Evolution vs. True Transformation

The term "transformation" often gets thrown around, but…