6.5
CVE-2025-24471
- EPSS 0.32%
- Veröffentlicht 10.06.2025 16:36:18
- Zuletzt bearbeitet 09.06.2026 10:16:34
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.239 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://fortiguard.fortinet.com/psirt/FG-IR-24-544
https://cert-portal.siemens.com/productcert/html/ssa-864900.html