Fortinet Product Security Update Advisory (CVE-2025-24470)
Overview
We have released a security update that resolves a vulnerability in the following products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-24470
FortiPortal 7.4 Versions: 7.4.0 through 7.4.2 (inclusive)
FortiPortal 7.2 Versions: 7.2.0 through 7.2.6 (inclusive)
FortiPortal 7.0 Versions: 7.0.0 through 7.0.11 (inclusive)
Resolved Vulnerabilities
Vulnerability that could allow a remote, unauthenticated attacker to disclose source code by crafting certain HTTP requests (CVE-2025-24470)
Vulnerability Patches
Patches for the vulnerability are available in the latest updates. Follow the instructions on the referenced site to update to the latest patched version.
CVE-2025-24470
FortiPortal 7.4 Version: 7.4.3 and later
FortiPortal 7.2 Version: 7.2.7 and later
FortiPortal 7.0 Version: 7.0.12 and later
References
[1] Off-by-slash vulnerability in Nginx config
https://fortiguard.fortinet.com/psirt/FG-IR-25-015