Fortinet FortiOS Improper Certificate Validation Vulnerability Allowing Connection via Revoked Certificate

Vulnerability

A vulnerability allowing improper certificate validation has been identified in Fortinet FortiOS versions 7.6.1 and prior, as well as 7.4.7 and prior. This vulnerability may enable an EAP-verified remote user to connect through FortiClient using a revoked certificate.

Impact

Exploitation of this vulnerability could lead to unauthorized connections being established via FortiClient, using revoked certificates that should not be trusted.

Added: Jun 10, 2025, 6:30 PM

Updated: Jun 10, 2025, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

0.0

exploitability

7.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

0.0

exploitability

7.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiOS Improper Certificate Validation Vulnerability Allowing Connection via Revoked Certificate

Vulnerability

Impact

Affected Products

Fortinet FortiOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating