CVE-2025-24470

Summary

CVE-2025-24470 is a newly identified vulnerability affecting FortiPortal versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, and 7.0.0 through 7.0.11. This issue, classified as an Improper Resolution of Path Equivalence (CWE-41), enables unauthenticated attackers to retrieve sensitive source code through specially crafted HTTP requests. By exploiting this vulnerability, attackers can gain valuable insight into the FortiPortal system and potentially use this information to launch further attacks. This issue poses a significant risk to organizations using the affected FortiPortal versions and requires immediate attention to apply the available patches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.