Happy #PatchTuesday: Exploited **Fortinet** zero-day??? [FG-IR-24-535](https://fortiguard.fortinet.com/psirt/FG-IR-24-535 )
CVE-2025-24472 (8.1 high) Authentication bypass in Node.js websocket module and CSF requests
If this security advisory looks familiar, that's because it belongs to the previous Fortinet exploited zero-day [CVE-2024-55591](https://www.cve.org/CVERecord?id=CVE-2024-55591 ) (**9.6 critical**) . This was tacked onto the same advisory, with no context other than the changelog:
> 2025-02-11: Added CVE-2025-24472 and its acknowledgement
BleepingComputer (npub1pkr…6763) seems to think it is: [Fortinet warns of new zero-day exploited to hijack firewalls](https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/ ) but I'm skeptical.
#fortinet #infosec #CVE_2024_55591 #vulnerability #cve #CVE_2025_24472 #cybersecurity #eitw #activeexploitation #zeroday
Not Simon 🐐
npub14g…xznd6
2025-02-11 19:31:08 UTC
in reply to nevent1q…hjxf
Author Public Key
npub14g0mj0fmn0sepfuhp2wupyk7d8xyz7rezpmrx2gfsav9vxlwxypq4xznd6Seen on
wss://relay.momostr.pinkPublished at
2025-02-11 19:31:08 UTCEvent JSON
{
"id": "a31d84564a102bfe3b6736f0b1071b47ac0c0150b5ec8ff30f9c0470d8cf3aa4",
"pubkey": "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102",
"created_at": 1739302268,
"kind": 1,
"tags": [
[
"e",
"31fe37ea949b57016a89374d925f929ecde46d422c5a8766798f44cca5e9704a",
"",
"root",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"t",
"eitw"
],
[
"proxy",
"https://infosec.exchange/@screaminggoat/113986913463438541",
"web"
],
[
"t",
"vulnerability"
],
[
"t",
"patchtuesday"
],
[
"t",
"zeroday"
],
[
"e",
"3d491a06cc645ec5fdfdb98a76e3043f53a488b913d36b83bc9c2a6672aed8b5",
"",
"reply",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"t",
"cve"
],
[
"t",
"cve_2024_55591"
],
[
"t",
"activeexploitation"
],
[
"p",
"0d873008be129d8b236e47f16c6108d533d9b1d17059c8661e9841f633505bf5"
],
[
"t",
"fortinet"
],
[
"t",
"infosec"
],
[
"p",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"t",
"cybersecurity"
],
[
"t",
"cve_2025_24472"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113986913463438541",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/screaminggoat/statuses/113986913463438541",
"pink.momostr"
],
[
"-"
]
],
"content": "Happy #PatchTuesday: Exploited **Fortinet** zero-day??? [FG-IR-24-535](https://fortiguard.fortinet.com/psirt/FG-IR-24-535 )\nCVE-2025-24472 (8.1 high) Authentication bypass in Node.js websocket module and CSF requests\nIf this security advisory looks familiar, that's because it belongs to the previous Fortinet exploited zero-day [CVE-2024-55591](https://www.cve.org/CVERecord?id=CVE-2024-55591 ) (**9.6 critical**) . This was tacked onto the same advisory, with no context other than the changelog:\n\n\u003e 2025-02-11: Added CVE-2025-24472 and its acknowledgement\n\nnostr:npub1pkrnqz97z2wckgmwglckccgg65eanvw3wpvuses7npqlvv6st06svz6763 seems to think it is: [Fortinet warns of new zero-day exploited to hijack firewalls](https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/ ) but I'm skeptical.\n\n#fortinet #infosec #CVE_2024_55591 #vulnerability #cve #CVE_2025_24472 #cybersecurity #eitw #activeexploitation #zeroday",
"sig": "e70a2ba138702d325fd8c0ef7137ca5d3424d2ea05a2cedaf3b26eed7c7b38f2deb3c952922f28e17b001ced70f2250e198cce37bbd5b299902ddd64ae5b0aa6"
}