CVE-2025-24472 - Geek Feed

New SuperBlack ransomware exploits Fortinet auth bypass flaws

March 19, 2025March 19, 2025 geekfeed0Tagged Actively Exploited, Authentication Bypass, CVE-2024-55591, CVE-2025-24472, Encryption, lockbit, ransomware, SuperBlack, SuperBlack Ransomware

A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February, respectively. When Fortinet first disclosed CVE-2024-55591 on January 14, they confirmed it had […]

3 mins read

Fortinet discloses second firewall auth bypass patched in January

February 13, 2025February 13, 2025 geekfeed0Tagged Actively Exploited, Authentication Bypass, CVE-2025-24472, Fortinet, FortiOS, FortiProxy, Zero-Day

Furthermore, even though today’s updated advisory indicates that both flaws were exploited in attacks and even includes a workaround for the new CSF proxy requests exploitation pathway, Fortinet says that only CVE-2024-55591 was exploited. Fortinet told GeekFeed that if a customer previously upgraded based on the guidance in FG-IR-24-535 / CVE-2024-55591, then they are already protected against the […]

3 mins read