CISA Warns of Actively Exploited Fortinet, GitHub Action Vulnerabilities

LockBit-connected ransomware group exploiting Fortinet flaw. Thousands of organizations at risk from GitHub Action supply chain attack.


The US Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about two critical vulnerabilities being actively exploited. One affects Fortinet products, while the other impacts the tj-actions/changed-files GitHub Action, used by over 23,000 organizations.

On March 18, CISA confirmed the exploitation of CVE-2025-24472, an authentication bypass vulnerability in FortiOS and FortiProxy. This allows attackers to gain super-admin privileges via crafted CSF proxy requests. The vulnerability is being exploited by Mora_001, a LockBit-connected ransomware group, to deploy 'SuperBlack' ransomware. Fortinet has released patches, and users are advised to update their systems.

In a separate incident, CISA added CVE-2025-30066 to its Known Exploited Vulnerabilities (KEV) catalog. This supply chain vulnerability affects the tj-actions/changed-files GitHub Action. It exposed CI/CD secrets in GitHub Actions build logs, impacting over 23,000 organizations. The organization responsible for this exploit remains unknown. As for the FortiOS and FortiProxy flaw, Fortinet disclosed the vulnerability in mid-January 2025, rating it high severity with a CVSS base score of 8.1.

Organizations are urged to apply the available patches for both vulnerabilities and review their GitHub Action usage to mitigate potential risks. CISA's KEV catalog now includes both CVE-2025-24472 and CVE-2025-30066, highlighting the active exploitation of these critical issues.
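
One way to start the review of GitHub Action usage urged above, as an added example that is not from the article or from CISA: a script that lists every workflow step referencing tj-actions/changed-files, plus any other action referenced by a mutable tag or branch. Treating a full 40-character commit SHA as "pinned" is an assumption drawn from general hardening practice rather than from the article; the function names and the sample workflow are constructed.

```python
import re
from pathlib import Path

WATCHED = "tj-actions/changed-files"  # the action named in the article
# "uses: owner/repo[/subpath]@ref"; local (./path) and docker:// steps do not match.
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*['"]?([\w.-]+/[\w.-]+)(?:/[^@\s'"]*)?@([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_workflow(text, name="<workflow>"):
    """List action references that are the watched action or not pinned to a SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)  # commented-out steps start with '#', so no match
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        pinned = FULL_SHA_RE.fullmatch(ref) is not None
        watched = action.lower() == WATCHED
        # A pinned watched action is still listed so its SHA can be checked by hand.
        if watched or not pinned:
            findings.append({"file": name, "line": lineno, "action": action,
                             "ref": ref, "pinned": pinned, "watched": watched})
    return findings

def audit_repo(root="."):
    """Run audit_workflow over every workflow file under root."""
    findings = []
    for path in sorted(Path(root).glob(".github/workflows/*.y*ml")):
        findings.extend(audit_workflow(path.read_text(encoding="utf-8"), str(path)))
    return findings

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v1
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE, "sample.yml"):
        tag = "WATCHED" if f["watched"] else "UNPINNED"
        print(f'{f["file"]}:{f["line"]}: {tag} {f["action"]}@{f["ref"]}')
```

Run `audit_repo()` from a repository root to cover its real workflow files; any repository with a WATCHED hit is a candidate for reviewing build logs and rotating the secrets those workflows could read.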