CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jan 21, 2025
Description
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.
EPSS — Exploit Probability
Higher than 99.8% of all CVEs
Required Action
https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55591
Related Articles (3)
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
Mar 9, 2026
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat landscape.
Mar 19, 2026
In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting
Other noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlemen ransomware group.
Mar 20, 2026
Risk Assessment
CRITICAL
- Severity: High
- EPSS: 93.7%
- CISA KEV: Yes
- Ransomware: Known
- Articles: 3
Timeline
Published: Jan 14, 2025
Added to KEV: Jan 14, 2025
Remediation Due: Jan 21, 2025