Main Vulnerability Database Vulnerabilities #VU111051

#VU111051 Improper certificate validation in FortiOS - CVE-2025-24471

Published: June 11, 2025

Vulnerability identifier: #VU111051

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-24471

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiOS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote authenticated user to manipulate data.

The vulnerability exists due to improper certificate validation via revoked certificate. An eap verified remote user can connect from FortiClient via revoked certificate.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-24-544

#VU111051 Improper certificate validation in FortiOS - CVE-2025-24471

Description

Remediation

External links

Please verify you're human