https://cve.circl.lu/comments/feedMost recent comment.2025-02-24T05:30:44.534646+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent comments.https://cve.circl.lu/comment/cae05d8f-677d-4f75-9a64-811c17a16d2dFortinet Clarification2025-02-24T05:30:44.539110+00:00Alexandre Dulaunoyhttp://cvepremium.circl.lu/user/adulauUPDATE: Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January, but not disclosed then.
Furthermore, even though the current advisory states that the listed flaws were exploited in attacks and includes workarounds, Fortinet says that only CVE-2024-55591, and not CVE-2025-24472.
It appears that this new CVE is for a different pathway to exploiting the bug that was not previously disclosed and was just now added to the Fortinet advisory about the active exploitation of CVE-2024-55591, causing the confusion.
We have updated this previous toot, changed the title of our article, and added an update to prevent confusion.
Ref: https://infosec.exchange/@BleepingComputer/1139867772488622232025-02-12T05:40:36.908353+00:00