CISA Warns of Active Exploits in Fortinet Products and GitHub Actions Library
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent warnings about active exploitation of critical vulnerabilities in Fortinet products and in a popular GitHub Actions library. The Fortinet flaw is already being used in ongoing ransomware campaigns.
CISA confirmed on March 18, 2025, that a high-severity vulnerability in Fortinet products, CVE-2025-24472, is being actively exploited, and added it to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is an authentication bypass using an alternate path or channel (CWE-288) and affects FortiOS 7.0.0 through 7.0.16, FortiProxy 7.0.0 through 7.0.19 and FortiProxy 7.2.0 through 7.2.12. Users are advised to upgrade to FortiOS 7.0.17, FortiProxy 7.0.20 or FortiProxy 7.2.13 (or later). Where patching must wait, Fortinet's workaround is to disable the HTTP/HTTPS administrative interface or restrict access to it with local-in policies. Fortinet's advisory covering this bug class was first published in mid-January 2025 (initially for the related CVE-2024-55591), and CVE-2025-24472 carries a CVSS base score of 8.1.
In a separate alert, CISA added CVE-2025-30066 to its KEV catalog. This supply chain vulnerability affects the tj-actions/changed-files GitHub Action, used by over 23,000 organizations, and carries a CVSS base score of 8.6. An attacker with write access to the repository pushed a malicious commit and then retroactively moved every release tag (all versions of the action) to point at it, so any workflow that referenced the action by tag, even an exact tag such as a specific release, silently pulled the malicious code. The injected code dumped the GitHub runner's process memory and printed the CI/CD secrets it found (encoded in base64) into the workflow build logs, which are publicly readable for public repositories. Reporting at the time traced the initial compromise to an earlier compromise of the reviewdog/action-setup action, whose credentials gave the attacker a path into the tj-actions organization. The practical lesson is that a tag is a mutable pointer; only a full commit SHA is an immutable reference to an action.
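The check a practitioner wants after an incident like this is a quick audit of every `uses:` reference in a repository's workflows: which ones are pinned to a full commit SHA, which still float on a tag or branch, and which refer to an action on a watchlist. The script below is an added example, not code from CISA, GitHub or the tj-actions project; the sample workflow, the commit SHA in it and the `WATCHLIST` are constructed for illustration, and it uses a line-based regex rather than a YAML parser so it runs with the standard library only.

```python
import re
from typing import Dict, List, Tuple

# A full 40-hex-character commit SHA is the only immutable reference for a
# repository-hosted action; tags and branches can be moved after the fact,
# which is exactly what happened to tj-actions/changed-files.
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Matches "uses: owner/repo@ref", "- uses: ..." and quoted variants.
# Line-based on purpose: no PyYAML dependency.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")

# Actions to always surface for manual review (assumption: maintain your own).
WATCHLIST: Tuple[str, ...] = ("tj-actions/changed-files",)

# Constructed sample workflow (not from any real repository). The SHA on the
# setup-node line is made up; it only needs to look like a commit SHA.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - name: Changed files
        uses: tj-actions/changed-files@v45
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - uses: some-org/deploy-action@main
"""


def extract_uses(workflow_text: str) -> List[str]:
    """Return every action reference named by a 'uses:' key, in file order."""
    refs = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if m:
            refs.append(m.group(1))
    return refs


def is_pinned(ref: str) -> bool:
    """True only if the reference cannot be silently repointed later."""
    if ref.startswith("docker://"):
        # Image tags are mutable; only a digest is immutable.
        return "@sha256:" in ref
    if "@" not in ref:
        return False
    _, version = ref.rsplit("@", 1)
    return bool(COMMIT_SHA_RE.match(version))


def repo_of(ref: str) -> str:
    """'owner/repo/sub/path@ref' -> 'owner/repo' for watchlist matching."""
    name = ref.split("@", 1)[0]
    parts = name.split("/")
    return "/".join(parts[:2]) if len(parts) >= 2 else name


def audit_workflow(workflow_text: str,
                   watchlist: Tuple[str, ...] = WATCHLIST) -> List[Dict]:
    """One finding per external action: the ref, whether it is SHA-pinned,
    and whether its repository is on the watchlist."""
    findings = []
    for ref in extract_uses(workflow_text):
        if ref.startswith("./"):
            continue  # local action, versioned with the repository itself
        findings.append({
            "ref": ref,
            "pinned": is_pinned(ref),
            "watchlist": repo_of(ref) in watchlist,
        })
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        flags = []
        if not f["pinned"]:
            flags.append("NOT SHA-PINNED")
        if f["watchlist"]:
            flags.append("WATCHLIST")
        print(f"{f['ref']:<70} {' '.join(flags) or 'ok'}")
```

Run it against the contents of each file under `.github/workflows/`; anything reported as not SHA-pinned should be replaced with the full commit SHA of a reviewed release (a `# v4.1.0` comment after the SHA keeps it readable), and anything on the watchlist deserves a look at the build logs from the affected window.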
CISA's KEV entry flags CVE-2025-24472 as known to be used in ransomware campaigns. Forescout researchers separately reported that Mora_001, a ransomware group with ties to LockBit, is exploiting CVE-2025-24472 alongside CVE-2024-55591 to deploy 'SuperBlack' ransomware. Both flaws give an unauthenticated remote attacker super-admin privileges on the device: CVE-2024-55591 through crafted requests to the Node.js websocket module, and CVE-2025-24472 through crafted CSF proxy requests.
Organizations using Fortinet products and GitHub Actions are urged to apply the latest patches and to review their systems for signs of compromise, not just to patch forward: Fortinet's advisory lists indicators such as successful admin logins recorded with ui="jsconsole" from spoofed source addresses and newly created admin accounts with random-looking names, and any repository that ran tj-actions/changed-files during the compromise window should treat the secrets available to those workflows as exposed and rotate them. CISA's timely warnings highlight the importance of staying current with security advisories to mitigate such threats.