
Description

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS versions 7.6.1 and below and 7.4.7 and below may allow an EAP-verified remote user to connect from FortiClient via a revoked certificate.

PUBLISHED Reserved 2025-01-21 | Published 2025-06-10 | Updated 2025-06-10 | Assigner fortinet




MEDIUM: 6.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C

Problem types

Improper access control

Product status

Default status: unaffected

7.6.0 (semver): affected

7.4.0 (semver): affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-544

cve.org (CVE-2025-24471)

nvd.nist.gov (CVE-2025-24471)
