News has been doing the rounds recently about a zero-day in Fortinet products, but information was scarce.
It has now been confirmed that Fortinet FortiGate firewall devices with an Internet-facing management interface are affected by a zero-day vulnerability.
The vulnerability allows a remote attacker to gain super-admin privileges. Once they have those privileges, they can do pretty much anything to the FortiGate.
Affected versions:
- FortiOS 7.0 - 7.0.0 through 7.0.16
- FortiProxy 7.0 - 7.0.0 through 7.0.19
- FortiProxy 7.2 - 7.2.0 through 7.2.12
The CVSSv3 score is 9.6, so pretty much up there.
Needless to say, patch now and, if possible, restrict access to the management interface from the Internet.
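To turn the version list above into a patch queue, this added example (not from the original post or from Fortinet) checks an inventory against those ranges and puts devices with an Internet-reachable management interface first. The hostnames, the inventory layout and the `mgmt_exposed` flag are assumptions; the sample rows are constructed.

```python
# Added example, not from the original post. Inventory rows are constructed.
# Affected ranges as listed above: (product, first, last), both ends inclusive.
AFFECTED = [
    ("fortios", (7, 0, 0), (7, 0, 16)),
    ("fortiproxy", (7, 0, 0), (7, 0, 19)),
    ("fortiproxy", (7, 2, 0), (7, 2, 12)),
]
ORDER = {"patch now (mgmt exposed)": 0, "patch": 1, "check manually": 2}

def parse_version(text):
    """Turn '7.0.9' or 'v7.0.9' into (7, 0, 9); raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True when the product/version pair falls inside a listed range."""
    ver = parse_version(version)
    return any(product.lower() == name and first <= ver <= last
               for name, first, last in AFFECTED)

def triage(inventory):
    """Return (priority, hostname) for affected devices, most urgent first."""
    findings = []
    for host, product, version, mgmt_exposed in inventory:
        try:
            if is_affected(product, version):
                label = "patch now (mgmt exposed)" if mgmt_exposed else "patch"
                findings.append((label, host))
        except ValueError:
            # Never silently skip a device whose version cannot be read.
            findings.append(("check manually", host))
    return sorted(findings, key=lambda f: (ORDER[f[0]], f[1]))

# Constructed rows: (hostname, product, version, management reachable from Internet)
SAMPLE = [
    ("fw-branch-01", "FortiOS", "7.0.14", True),
    ("fw-hq-01", "FortiOS", "v7.0.16", False),
    ("fw-lab-01", "FortiOS", "7.0.17", True),
    ("proxy-01", "FortiProxy", "7.2.13", False),
    ("proxy-02", "FortiProxy", "7.0.19", True),
    ("fw-old-01", "FortiOS", "7.0.x", True),
]

if __name__ == "__main__":
    for priority, host in triage(SAMPLE):
        print(f"{priority:26}{host}")
```

A device that does not appear in the output is only outside the ranges listed in this post; check the FortiGuard advisory linked below for the current list.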
Resources:
- https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/
- https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html
- https://www.fortiguard.com/psirt/FG-IR-24-535