Main Vulnerability Database Vulnerabilities #VU111051

Improper certificate validation in FortiOS - CVE-2025-24471

Published: June 11, 2025

Vulnerability identifier: #VU111051

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-24471

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

The vulnerability exists due to improper certificate validation via revoked certificate. An eap verified remote user can connect from FortiClient via revoked certificate.

How to mitigate CVE-2025-24471

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-24-544

Improper certificate validation in FortiOS - CVE-2025-24471

Detailed vulnerability description

How to mitigate CVE-2025-24471

Sources

Please verify you're human