Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: FORTINET PATCHED MULTIPLE VULNERABILITIES, ONE VULNERABILITY IS ALREADY ACTIVELY EXPLOITED, PATCH IMMEDIATELY!
Image
Published : 12/02/2025
Reference:
Advisory #2025-32
Version:
1.0
Affected software:
Fortinet FortiOS
Fortinet FortiOS CAPWAP control
Fortinet FortiProxy
Type:
Multiple types
CVE/CVSS:
CVE-2025-24472
CVSS 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)CVE-2024-40591
CVSS 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)CVE-2024-35279
CVSS 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
- https://fortiguard.fortinet.com/psirt/FG-IR-24-535
- https://fortiguard.fortinet.com/psirt/FG-IR-24-302
- https://fortiguard.fortinet.com/psirt/FG-IR-24-160
Risks
Fortinet patched several critical vulnerabilities in products across its portfolio, including FortiOS, FortiProxy, FortiManager, and FortiAnalyzer.
Fortinet has issued another warning about a previously patched vulnerability (CVE-2024-55591) while also disclosing a new vulnerability (CVE-2025-24472) in FortiOS and FortiProxy. CVE-2024-55591, which was patched last month, is actively being exploited. The newly published CVE-2025-24472 is essentially the same flaw but affects a different interface within the same module. Organizations that applied the patch for CVE-2024-55591 are also protected against CVE-2025-24472. However, if only access to /ws/ was blocked as a workaround, the device remains vulnerable.
The second critical vulnerability patched by Fortinet is CVE-2024-40591, an incorrect privilege assignment vulnerability, in the FortiOS Security Fabric. This flaw could enable an authenticated administrator with a Security Fabric access profile to escalate their privileges to super-admin.
The final critical vulnerability patched by Fortinet is CVE-2024-35279, a stack-based buffer overflow in FortiOS CAPWAP control. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted UDP packets.
Additionally, Fortinet has patched several other high-severity vulnerabilities.
Description
CVE-2025-24472 - Authentication bypass – FortiOS & FortiProxy
Fortinet has updated its advisory on CVE-2024-55591 to include a newly disclosed vulnerability, CVE-2025-24472. This new flaw is highly similar to the previously patched CVE-2024-55591, which is being actively exploited. Given their similarities, CVE-2025-24472 is also expected to be targeted. Both vulnerabilities have been assigned a CVSS score of 8.1. Organizations that have already patched for CVE-2024-55591 are also protected against CVE-2025-24472. However, if only access to /ws/ was blocked as a workaround, the system remains vulnerable.
CVE-2024-40591 – Escalation of privilege - FortiOS security fabric
CVE-2024-40591 is a privilege escalation vulnerability in FortiOS Security Fabric that could allow an authenticated administrator with Security Fabric permissions to elevate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate under their control. The vulnerability received a CVSS score of 8.8.
CVE-2024-35279 – Stack-based buffer overflow vulnerability - FortiOS CAPWAP
CVE-2024-35279 is a stack-based buffer overflow vulnerability in FortiOS CAPWAP control that could allow a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted UDP packets. Exploitation is possible if the attacker bypasses FortiOS stack protections and the Fabric service is running on the exposed interface. This vulnerability has been assigned a CVSS score of 8.1.
All Fortinet advisories: https://fortiguard.fortinet.com/psirt
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.