CVE-2025-24472 is an authentication bypass vulnerability categorized under CWE-288 that impacts Fortinet FortiProxy versions 7.2.0 through 7.2.12 and FortiOS versions 7.0.0 through 7.0.19. The vulnerability arises when the Security Fabric feature is enabled, which integrates multiple Fortinet devices for centralized management and security orchestration. An attacker who remotely crafts specific CSF proxy requests and possesses prior knowledge of the serial numbers of both upstream and downstream devices can bypass authentication controls. This bypass grants the attacker super-administrative privileges on the downstream device without requiring any authentication or user interaction. The vulnerability allows execution of arbitrary code or commands, leading to full compromise of the device. The CVSS v3.1 score of 8.1 reflects the vulnerability's network attack vector, high impact on confidentiality, integrity, and availability, and the complexity of exploitation being high due to the need for serial number knowledge. Although no public exploits are reported yet, the potential for severe damage is significant given Fortinet's widespread deployment in enterprise and critical infrastructure environments. The vulnerability affects devices that are part of a Security Fabric, a common configuration in large organizations, increasing the attack surface and potential impact.

The impact of CVE-2025-24472 on European organizations is substantial. Successful exploitation results in unauthorized super-admin access, enabling attackers to execute arbitrary code, manipulate configurations, exfiltrate sensitive data, disrupt network operations, or pivot within the network. This compromises confidentiality, integrity, and availability of critical network security infrastructure. Organizations relying on Fortinet Security Fabric for centralized management face increased risk of lateral movement and widespread compromise. Critical sectors such as finance, energy, telecommunications, and government agencies in Europe could experience operational disruptions, data breaches, and regulatory non-compliance. The requirement of prior knowledge of device serial numbers somewhat limits exploitation but does not eliminate risk, as such information can be leaked or inferred in targeted attacks. The absence of known exploits currently provides a window for proactive mitigation, but the high severity demands urgent attention.

1. Apply patches and updates from Fortinet immediately once available for FortiProxy and FortiOS versions affected by this vulnerability. 2. Restrict network access to management interfaces and Security Fabric communication channels using network segmentation, firewalls, and access control lists to limit exposure to untrusted networks. 3. Implement strict monitoring and logging of CSF proxy requests and Security Fabric communications to detect anomalous or unauthorized activity indicative of exploitation attempts. 4. Rotate and protect device serial numbers and related identifiers to reduce the risk of information leakage that could aid attackers. 5. Employ multi-factor authentication and strong credential management for administrative access to Fortinet devices, even though this vulnerability bypasses authentication, to reduce overall attack surface. 6. Conduct regular security audits and penetration testing focusing on Security Fabric configurations to identify and remediate potential weaknesses. 7. Develop and test incident response plans specific to network security device compromise to ensure rapid containment and recovery.