vulnerability

Fortinet FortiOS: Unspecified Security Vulnerability (CVE-2024-52965)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Jul 8, 2025	Jul 24, 2025	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Jul 8, 2025

Added

Jul 24, 2025

Modified

Aug 11, 2025

Description

A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.

Solutions

fortios-upgrade-7_0_17fortios-upgrade-7_2_11fortios-upgrade-7_4_6

References

CVE-2024-52965
https://attackerkb.com/topics/CVE-2024-52965
CWE-304
URL-https://fortiguard.fortinet.com/psirt/FG-IR-24-511

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today