Zero-Day Drama: Fortinet Firewalls Hijacked by Crafty Hackers!
Threat actors are exploiting a zero-day vulnerability in FortiOS and FortiProxy, tracked as CVE-2025-24472, to hijack Fortinet firewalls. This flaw allows attackers to gain super-admin privileges, create rogue users, and modify firewall policies. Fortinet has patched the issue and provided mitigation steps to prevent unauthorized access.

Hot Take:
Oh, Fortinet! It seems your firewalls are as reliable as a screen door on a submarine. Who knew that a clever hacker could waltz in and gain super-admin privileges like they’re ordering a latte? Well, at least the zero-day vulnerability is now patched. So, if you’ve been relying on Fortinet to guard your digital fortress, maybe keep a fire extinguisher handy just in case!
Key Points:
- A zero-day vulnerability (CVE-2025-24472) in FortiOS and FortiProxy allowed attackers to hijack Fortinet firewalls.
- The flaw, an authentication bypass, lets a remote attacker gain super-admin privileges through malicious CSF proxy requests.
- The vulnerability affected specific versions of FortiOS and FortiProxy and has since been patched.
- Threat actors exploited this flaw to create rogue users, modify policies, and access internal networks via SSL VPNs.
- Arctic Wolf Labs tracked a campaign exploiting the flaw in four phases, including vulnerability scanning and lateral movement.