CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild

Tenable reports that Fortinet patched a critical authentication bypass zero-day in FortiOS and FortiProxy (CVE-2024-55591, later supplemented by CVE-2025-24472) which has been actively exploited in the wild since at least November 2024; successful exploitation can grant super-admin privileges. The advisory describes attack vectors (crafted Node.js websocket or CSF proxy requests), overlaps with an Arctic Wolf-observed campaign (scanning, reconnaissance, SSL VPN configuration, lateral movement), affected product versions, available patches and workarounds, and included IoCs.