CVE Vulnerabilities

CVE-2025-24471

Improper Certificate Validation

Published: Jun 10, 2025 | Modified: Jul 22, 2025
CVSS 3.x: N/A
Source: NVD

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name       Vendor    Start Version        End Version
Fortisase  Fortinet  25.1.39 (including)  25.1.39 (including)
Fortios    Fortinet  7.4.0 (including)    7.4.8 (excluding)
Fortios    Fortinet  7.6.0 (including)    7.6.2 (excluding)

Potential Mitigations

References