vulnerability

Fortinet FortiOS: Missing Authentication for Critical Function (CVE-2025-22252)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	May 28, 2025	Jun 6, 2025	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

May 28, 2025

Added

Jun 6, 2025

Modified

Aug 11, 2025

Description

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

Solution

fortios-upgrade-7_4_7

References

CVE-2025-22252
https://attackerkb.com/topics/CVE-2025-22252
CWE-306
URL-https://fortiguard.fortinet.com/psirt/FG-IR-24-472

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today