VYPR
Medium severity6.5NVD Advisory· Published Jun 10, 2025· Updated Jun 9, 2026

CVE-2025-24471

CVE-2025-24471

Description

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:fortinet:fortisase:25.1.39:*:*:*:-:*:*:*
  • Fortinet/Fortios3 versions
    cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*range: >=7.4.0,<7.4.8
    • cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*range: 7.6.0
    • (no CPE)range: <=7.6.1, <=7.4.7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.