- 34/2025
- High
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, bypass security restrictions, conduct cross-site scripting attacks, or execute arbitrary codes/commands and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. FortiOS And FortiProxy Security Bypass Vulnerability (CVE-2025-24472):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Security Bypass
2. Fortinet FortiOS Privilege Escalation Vulnerability (CVE-2024-40591):
- CVSS: 8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Privilege Escalation
Sample of the affected products:
- FortiManager.
- FortiAnalyzer.
- FortiOS.
- FortiProxy.
- FortiPAM.
- FortiSwitchManager.
- FortiClientMac.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.