vulnerability

Fortinet FortiOS: Missing Authentication for Critical Function (CVE-2025-22252)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	May 28, 2025	Jun 6, 2025	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

May 28, 2025

Added

Jun 6, 2025

Modified

Mar 30, 2026

Description

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

Solution

fortios-upgrade-7_4_7

References

CVE-2025-22252
https://attackerkb.com/topics/CVE-2025-22252
CWE-306
EUVD-EUVD-2025-16333
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-16333
https://fortiguard.fortinet.com/psirt/FG-IR-24-472

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report