It was first observed as a zero-day exploit as early as June 2024, notably by a threat cluster tracked as UNC5820 . Exploitation Context
The "mp4" suffix in searches for "27575mp4" typically leads to recorded videos. These videos demonstrate how researchers or attackers can: CVE-2024-47575 Detail - NVD 27575mp4
A remote, unauthenticated attacker could execute arbitrary code or commands by sending specially crafted requests to an exposed FortiManager device. It was first observed as a zero-day exploit