Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/screaminggoat/statuses/113986913463438541">screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 13-Feb-2025 03:41:56 JST</a><a href="https://infosec.exchange/@screaminggoat" title="screaminggoat@infosec.exchange"><img src="https://gnusocial.jp/avatar/278335-48-20250102170004.webp" width="48" height="48" alt="screaminggoat" style="position: absolute; left: 0; top: 0;">screaminggoat</a><div><a href="https://infosec.exchange/@screaminggoat/113986875105156497" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p>Happy <a href="https://infosec.exchange/tags/PatchTuesday" rel="tag">#PatchTuesday</a>: Exploited Fortinet zero-day??? <a href="https://fortiguard.fortinet.com/psirt/FG-IR-24-535" rel="nofollow">FG-IR-24-535</a><br>CVE-2025-24472 (8.1 high) Authentication bypass in Node.js websocket module and CSF requests<br>If this security advisory looks familiar, that's because it belongs to the previous Fortinet exploited zero-day <a href="https://www.cve.org/CVERecord?id=CVE-2024-55591" rel="nofollow">CVE-2024-55591</a> (9.6 critical) . This was tacked onto the same advisory, with no context other than the changelog:</p><p>2025-02-11: Added CVE-2025-24472 and its acknowledgement</p><p><a href="https://infosec.exchange/@BleepingComputer">@BleepingComputer</a> seems to think it is: <a href="https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/" rel="nofollow">Fortinet warns of new zero-day exploited to hijack firewalls</a> but I'm skeptical.</p><p><a href="https://infosec.exchange/tags/fortinet" rel="tag">#fortinet</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/CVE_2024_55591" rel="tag">#CVE_2024_55591</a> <a href="https://infosec.exchange/tags/vulnerability" rel="tag">#vulnerability</a> <a href="https://infosec.exchange/tags/cve" rel="tag">#cve</a> <a href="https://infosec.exchange/tags/CVE_2025_24472" rel="tag">#CVE_2025_24472</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> <a href="https://infosec.exchange/tags/eitw" rel="tag">#eitw</a> <a href="https://infosec.exchange/tags/activeexploitation" rel="tag">#activeexploitation</a> <a href="https://infosec.exchange/tags/zeroday" rel="tag">#zeroday</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4554181#notice-8915715">In conversation</a><time datetime="2025-02-13T03:41:56+09:00" title="Thursday, 13-Feb-2025 03:41:56 JST">about 19 days ago</time> <span>from <span><a href="https://infosec.exchange/@screaminggoat/113986913463438541" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@screaminggoat/113986913463438541">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 13-Feb-2025 03:41:56 JSTscreaminggoat
in reply to
- BleepingComputer
Happy #PatchTuesday: Exploited Fortinet zero-day??? FG-IR-24-535
CVE-2025-24472 (8.1 high) Authentication bypass in Node.js websocket module and CSF requests
If this security advisory looks familiar, that's because it belongs to the previous Fortinet exploited zero-day CVE-2024-55591 (9.6 critical) . This was tacked onto the same advisory, with no context other than the changelog:
2025-02-11: Added CVE-2025-24472 and its acknowledgement
@BleepingComputer seems to think it is: Fortinet warns of new zero-day exploited to hijack firewalls but I'm skeptical.
#fortinet #infosec #CVE_2024_55591 #vulnerability #cve #CVE_2025_24472 #cybersecurity #eitw #activeexploitation #zeroday
In conversationabout 19 days ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice