Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-24471

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

Published

2025-06-10T17:21:16.277

Last Modified

2025-07-22T17:57:19.240

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortisase	25.1.39	Yes
Operating System	fortinet	fortios	< 7.4.8	Yes
Operating System	fortinet	fortios	< 7.6.2	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-544 Vendor Advisory ([email protected])