VPN Firewalls as Sitting Ducks?
- Admin
- Mar 26
- 1 min read
A recent addition of a Fortinet vulnerability (CVE-2025-24472) to CISA's Known Exploited Vulnerabilities Catalog shows attackers are continuously exploring additional venues into Fortigate and FortiProxy devices, combining them with previously found ones (see details here).
As we can expect more such vulnerabilities to surface (from all vendors!), upgrading and ideally moving to autopatch or vendor managed infrastructure (SASE-like approach) should be a priority for organizations of all sizes.
A good starting point is enrolling devices into FortiGate Cloud, which leans towards more automated patching against exploited vulnerabilities (see a recent update here)
In any case, the threat actor activities are part of a larger pattern of reverse engineering internet-facing devices such NGFWs or VPN remote access gateways (see here), and Fortinet is particularly attractive due to its success as one of the market leaders.
🖼️ Picture: the number of public-facing devices in the Adriatics region according to Shodan internet search engine.
![[Webinar] NIS2 is Here - What Now?](https://static.wixstatic.com/media/6681e7_beb47411e54f424c8b934c85bd5b487b~mv2.png/v1/fill/w_1220,h_1220,fp_0.50_0.50,q_95,enc_avif,quality_auto/6681e7_beb47411e54f424c8b934c85bd5b487b~mv2.png)
