Fortinet Issues Security Updates Amid Ongoing Attacks on Vulnerabilities

Fortinet has announced the release of critical security updates for a range of its products, as attackers exploit various vulnerabilities. One specific vulnerability, deemed critical, is already under active attack.

The vulnerability in question affects both FortiOS and FortiProxy and is an update to a previous security advisory issued in January. This vulnerability allows for authentication bypass in the Node.js WebSocket module, registered as CVE-2024-55591 with a CVSS score of 9.6, indicating a critical risk. Additionally, a new vulnerability has emerged, marked as CVE-2025-24472, which carries a CVSS score of 8.1, signifying a high risk level. According to Fortinet, attackers can gain super-admin privileges by sending specially crafted requests to the Node.js WebSocket module or by using manipulated CSF proxy requests.

Fortinet's advisory indicates that this specific vulnerability is currently being exploited on the internet. To assist administrators in identifying potential compromises, the company has provided indicators of compromise (IOCs) that can help verify if networks have already been targeted. The affected versions of FortiOS range from 7.0.0 to 7.0.16, while version 7.0.17 or newer resolves the issue. For FortiProxy, versions 7.2.0 to 7.2.12 are impacted, with the updated version 7.2.13 addressing the vulnerability, and for versions 7.0.0 to 7.0.19, version 7.0.20 or newer is required.

In addition to these critical updates, Fortinet has released numerous other security updates across various products, including FortiAnalyzer, FortiPAM, FortiSwitchManager, FortiClient for both Mac and Windows, FortiSandbox, and FortiManager. However, the Fortinet PSIRT website has experienced some instability, occasionally displaying error messages. Administrators are advised to review the updates for all utilized devices within their networks and apply the necessary patches promptly.