Fortinet Authentication Bypass:A Critical Exploit You Can’t Ignore

Imagine waking up to your organization's security perimeter being compromised because of a critical authentication vulnerability exploited in the wild. That is exactly the threat that organizations face today, with recently found vulnerabilities in Fortinet FortiOS and FortiProxy, now highlighted by CISA as being actively exploited.

The Newest CISA Alert: What's at Stake?

On March 18, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) included two Fortinet vulnerabilities in its Known Exploited Vulnerabilities Catalog with an urgent action recommendation. The vulnerabilities are a high-risk threat as they enable remote attackers to obtain super-admin privileges and completely bypass authentication controls.

Fortinet FortiOS and FortiProxy Authentication Bypass: CVE-2025-24472

Affected Versions:

FortiOS: 7.0.0 to 7.0.16

FortiProxy: 7.0.0 to 7.0.19, 7.2.0 to 7.2.12

Attack Method: CSF proxy requests with crafted requests

Severity: Critical (CVSS 9.8)

Risk: Permits unauthorized access, which allows complete takeover of impacted systems.

Malicious Code in tj-actions/changed-files GitHub Action: CVE-2025-30066

Problem: Attackers inserted malicious code into a commonly used GitHub Action.

Consequence: Possibility of supply chain attacks on CI/CD pipelines.

These are not theoretical threats; they are being exploited, so remediation is required urgently.

Why This Matters

Authentication bypass vulnerabilities are one of the most critical security vulnerabilities. They disable the first line of defense, enabling attackers to function as privileged users without credentials. The consequences are:

• Unauthorized Access: Attackers can penetrate networks undetected.
• Data Breach Risks: Sensitive data can be exfiltrated or tampered with.
• Ransomware & Lateral Movement: Compromised systems can be used as entry points for further organizational attacks.

How to Protect Your Organization

CISA strongly urges all organizations to take the following action: 

1. Apply Vendor Patches Immediately

• Patches for these vulnerabilities have been issued by Fortinet. Organizations need to update their FortiOS and FortiProxy installations as soon as possible.

2. Implement Zero-Trust Principles

• Treat each access request as possibly malicious.
• Enforce robust authentication and access control practices.

3. Monitor for Indicators of Compromise (IoCs)

• Audit logs regularly for suspicious activity.
• Configure automated alerts for suspicious authentication attempts.

4. Secure Your CI/CD Pipelines

• If utilizing GitHub Actions, inspect dependencies and limit untrusted third-party code.
• Enforce strict repository access controls.

The Bigger Picture: Convenience vs. Security

This attack highlights a growing problem - security gaps created by prioritizing convenience over robust authentication. Organizations value ease of use, but frequently at the expense of strong authentication measures. Password-based security, even with MFA, remains susceptible to bypasses. A passwordless, zero-trust solution, such as PureAuth, provides a more resilient option by removing traditional authentication vulnerabilities.

Final Takeaway: Act Now, Stay Secure

This is not another security notice: It's a wake-up call. Fortinet's authentication bypass vulnerabilities are being exploited today, and the delay compounds the threat. Organizations have no choice but to patch ASAP, harden their authentication efforts, and revamp how they approach identity security.

In cybersecurity, delay is not an option. Proactive defense is the only way to go. Be ahead of the attackers, because they're already ahead of you. #gopasswordless