Summary
New vulnerabilities have been discovered in multiple products, including four with a severity of “high.” These vulnerabilities could allow access to sensitive information, execution of arbitrary commands, and elevation of user privileges on affected systems.
Note: the vendor states that CVE-2025-24472 is being actively exploited in the wild.
Risk
Vulnerability Community Impact Estimation: Critical (77.05)¹
Type
- Arbitrary Code Execution
- Information Disclosure
- Privilege Escalation
Affected Products and Versions
- FortiPortal 7.0.x, from version 7.0.0 to 7.0.11
- FortiPortal 7.2.x, from version 7.2.0 to 7.2.6
- FortiPortal 7.4.x, from version 7.4.0 to 7.4.2
- FortiOS 6.4.x
- FortiOS 7.0.x, from version 7.0.0 to 7.0.16
- FortiOS 7.2.x, from version 7.2.0 to 7.2.9
- FortiOS 7.4.x, from version 7.4.0 to 7.4.4
- FortiOS 7.6.x
- FortiProxy 7.0.x, from version 7.0.0 to 7.0.19
- FortiProxy 7.2.x, from version 7.2.0 to 7.2.12
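As an added example (not part of the advisory or of any vendor tooling), the following Python script turns the affected-version list above into a check that can be run over an asset inventory. The version ranges are transcribed from the list; the 6.4.x and 7.6.x FortiOS branches are treated as affected in full because the advisory lists them without a range. The inventory and hostnames are constructed, and the version-string format (numeric `major.minor.patch`) is an assumption: strings that do not fit it are flagged for manual review rather than silently marked clean. Fixed versions should be confirmed against the bulletins in the References section.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse a dotted version such as '7.2.9' (or '7.2') into a comparable
    (major, minor, patch) tuple; missing trailing components become 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


@dataclass(frozen=True)
class AffectedRange:
    product: str
    branch: Tuple[int, int]           # e.g. (7, 0) for the 7.0.x branch
    first: Optional[Version] = None   # None: the whole branch is listed as affected
    last: Optional[Version] = None

    def contains(self, v: Version) -> bool:
        if v[:2] != self.branch:
            return False
        if self.first is None or self.last is None:
            return True
        return self.first <= v <= self.last


# Transcribed from the advisory's affected-product list.
AFFECTED: List[AffectedRange] = [
    AffectedRange("FortiPortal", (7, 0), (7, 0, 0), (7, 0, 11)),
    AffectedRange("FortiPortal", (7, 2), (7, 2, 0), (7, 2, 6)),
    AffectedRange("FortiPortal", (7, 4), (7, 4, 0), (7, 4, 2)),
    AffectedRange("FortiOS", (6, 4)),                        # 6.4.x, whole branch
    AffectedRange("FortiOS", (7, 0), (7, 0, 0), (7, 0, 16)),
    AffectedRange("FortiOS", (7, 2), (7, 2, 0), (7, 2, 9)),
    AffectedRange("FortiOS", (7, 4), (7, 4, 0), (7, 4, 4)),
    AffectedRange("FortiOS", (7, 6)),                        # 7.6.x, whole branch
    AffectedRange("FortiProxy", (7, 0), (7, 0, 0), (7, 0, 19)),
    AffectedRange("FortiProxy", (7, 2), (7, 2, 0), (7, 2, 12)),
]


def matching_ranges(product: str, version: str) -> List[AffectedRange]:
    """Return every advisory range that covers this product/version pair."""
    v = parse_version(version)
    return [r for r in AFFECTED
            if r.product.lower() == product.lower() and r.contains(v)]


def is_affected(product: str, version: str) -> bool:
    return bool(matching_ranges(product, version))


def triage(inventory):
    """Flag each (hostname, product, version) asset. 'affected' is True/False,
    or None when the version string could not be parsed (manual review)."""
    results = []
    for host, product, version in inventory:
        try:
            flag, note = is_affected(product, version), ""
        except ValueError as exc:
            flag, note = None, str(exc)
        results.append({"host": host, "product": product, "version": version,
                        "affected": flag, "note": note})
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.2.9"),
    ("fw-edge-02", "FortiOS", "7.4.5"),
    ("proxy-01", "FortiProxy", "7.2.12"),
    ("portal-01", "FortiPortal", "7.2.7"),
    ("fw-lab-01", "FortiOS", "7.6.0-build1234"),   # unparseable on purpose
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

Versions are compared as integer tuples rather than strings so that, for example, 7.0.16 sorts before 7.0.9 correctly; a two-component version such as "7.2" is padded to 7.2.0 and therefore falls inside the corresponding range.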
Mitigations
In line with the vendor's statements, it is recommended to apply the mitigations following the guidance in the security bulletins listed in the References section.
Finally, it is recommended to evaluate deploying the Indicators of Compromise (IoC)[1] reported in the security bulletins.
The following are the CVEs related to the vulnerabilities with a severity of “high”:
[1] By definition, not all indicators of compromise are malicious. This CSIRT takes no responsibility for any proactive actions (e.g. blocklisting IoCs) taken on the basis of the indicators provided. The information contained in this document represents the best understanding of the threat at the time of release.
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-302
https://fortiguard.fortinet.com/psirt/FG-IR-24-160
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
https://fortiguard.fortinet.com/psirt/FG-IR-25-015
¹ This estimate takes several parameters into account, including the CVSS score, the availability of patches, workarounds and PoCs, and the prevalence of the affected software/devices in the reference community.