CVE-2025-22252

CVE Database · CVE-2025-22252

CVE-2025-22252

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

0.78%

Published

May 28, 2025

Modified

Jun 4, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-306

Affected Products (4)

fortinet · fortiproxyvulnerable

fortinet · fortiswitchmanagervulnerable

fortinet · fortios (up to 7.4.7)vulnerable

fortinet · fortiosvulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-472

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs