An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12 and 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of the upstream and downstream devices' serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests.
https://www.darkreading.com/cyberattacks-data-breaches/fortinet-products-in-crosshairs-again
https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html
https://www.databreachtoday.com/fortinet-targeting-ransomware-attacks-leave-devices-patched-a-27800
https://therecord.media/mora001-ransomware-gang-exploiting-vulnerability-lockbit
https://www.theregister.com/2025/03/14/ransomware_gang_lockbit_ties/
https://www.forescout.com/blog/new-ransomware-operator-exploits-fortinet-vulnerability-duo/