CVE-2025-24471

Medium CVSS 6.5

Overview

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

CWE: CWE-295 Published: 2025-06-10T17:21:16.277

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.5 (MEDIUM)
Detected tags: crypto (tag impact: MODERATE)

Recommended actions:

Drop weak ciphers/protocols; prefer modern, safe defaults.

Overview

Recommended tools

Tags