Fortinet Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in Fortinet products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-55591, CVE-2025-24472
FortiOS versions: 7.0.0 through 7.0.16 (inclusive)
FortiProxy versions: 7.2.0 through 7.2.12 (inclusive)
FortiProxy versions: 7.0.0 through 7.0.19 (inclusive)
Resolved Vulnerabilities
Authentication Bypass Using Alternate Path or Channel Vulnerability (CVE-2024-55591)
Authentication Bypass Using Alternate Path or Channel Vulnerability (CVE-2025-24472)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced site to update to a patched version.
CVE-2024-55591, CVE-2025-24472
FortiOS version: 7.0.17 or later
FortiProxy version: 7.2.13 or later
FortiProxy version: 7.0.20 or later
References
[1] Authentication bypass in Node.js websocket module and CSF requests
https://fortiguard.fortinet.com/psirt/FG-IR-24-535