CVE-2025-24471
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-10

Last updated on: 2025-07-22

Assigner: Fortinet, Inc.

Description
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-10
Last Modified
2025-07-22
Generated
2026-05-07
AI Q&A
2025-06-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-24471
EUVD
EUVD-2025-17804
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
fortinet fortios From 7.4.0 (inc) to 7.4.9 (inc)
fortinet fortisase 25.1.39
fortinet fortios From 7.4.0 (inc) to 7.4.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Improper Certificate Validation issue in FortiOS versions 7.6.1 and below, and 7.4.7 and below. It may allow a remote user who is verified via EAP to connect from FortiClient using a revoked certificate, bypassing proper certificate validation.


How can this vulnerability impact me? :

An attacker with a revoked certificate could still connect remotely via FortiClient, potentially leading to unauthorized access or misuse of network resources. This could compromise the integrity of the system by allowing connections that should have been blocked.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart