June 26, 2025
Summary: WaterISAC’s federal partners have shared new information indicating that nation-state threat actors who routinely target critical infrastructure are actively researching the vulnerabilities in Fortinet products listed below, which could allow them to conduct future attacks.
Analyst Note: WaterISAC encourages utilities to reassess the previous Fortinet vulnerabilities shared on June 12, 2025. In particular, organizations are encouraged to ensure that FortiProxy and FortiOS are upgraded as indicated by Fortinet for these CVEs:
Mitigation Recommendations:
- Fortinet | Authentication bypass in Node.js websocket module and CSF requests
- Fortinet | Out-of-bound Write in sslvpnd
Additional Reading:
Related WaterISAC PIRs: 6, 6.1, 7, 8
June 12, 2025
Summary: Fortinet and Ivanti announced fixes for over a dozen vulnerabilities across their product portfolios, including multiple high-severity flaws, as part of their June Patch Tuesday security updates.
Ivanti updated three high-severity vulnerabilities in Workspace Control (IWC) that have the potential to lead to credential leaks. These are tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455.
Fortinet released 14 patches on Tuesday addressing one high-severity and many medium-severity vulnerabilities. The high-severity vulnerability, tracked as CVE-2025-31104, is described as an OS command injection vulnerability in FortiADC that could allow an authenticated attacker to execute arbitrary code using crafted HTTP requests.
Analyst Note: WaterISAC actively tracks and shares with members critical vulnerabilities in both Ivanti and Fortinet products as these products are widely used within the sector, often have high-risk vulnerabilities associated with them requiring updates, and are targeted by many of the threat actors who focus on the water sector and other critical infrastructure sectors. Notably, there were three incidents recorded in WaterISAC’s Quarterly Incident Report (Q1 of 2024) which involved Ivanti vulnerabilities creating further issues. WaterISAC urges members to update their systems as indicated in the advisories from Ivanti and Fortinet respectively. Additionally, members are encouraged to review WaterISAC’s previous coverage of these types of vulnerabilities for additional recommendations and best practices.
Original Source: https://www.securityweek.com/fortinet-ivanti-patch-high-severity-vulnerabilities/
Additional Reading:
- (TLP:CLEAR) Ivanti Connect Secure Vulnerability Actively Exploited by China-Nexus Group (Updated: April 7, 2025)
- Vulnerability Notification – Fortinet FortiManager Zero-Day Exploitation, CVE-2024-47575 (Updated – October 31, 2024)
- Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Mitigation Recommendations:
- Security Advisory Ivanti Workspace Control (CVE-2025-5353, CVE-2025-22463, CVE-2025-22455)
- Multiple OS command injection in Web Vulnerability Scanner | Fortinet
Related WaterISAC PIRs: 6, 8, 9, 12