Attackers exploit a new zero-day to hijack Fortinet firewalls

Threat actors are exploiting a new zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls. The vulnerability, CVE-2025-24472, allows remote attackers to gain super-admin privileges by making maliciously crafted CSF proxy requests. Arctic Wolf researchers observed a campaign involving unauthorized logins, account creation, and configuration changes on Fortinet FortiGate firewalls, likely exploiting this zero-day flaw.