vulnerability

Fortinet FortiOS: CVE-2025-22252: TACACS+ authentication bypass

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

May 13, 2025

Added

Jun 6, 2025

Modified

Jun 23, 2026

Description

A missing authentication for critical function vulnerability [CWE-306] in FortiOS, FortiProxy, and FortiSwitchManager TACACS+ configured to use a remote TACACS+ server for authentication, that has itself been configured to use ASCII authentication may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

Solution

fortios-upgrade-latest

References

https://www.fortiguard.com/psirt/FG-IR-24-472
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-16333
CVE-2025-22252
https://attackerkb.com/topics/CVE-2025-22252
CWE-306
EUVD-EUVD-2025-16333

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report